44
C
2: C
HAPTER
ONFIGURING
Local Authentication
for Console Users and
RADIUS
Authentication for
Telnet Users
WX1200# set user natasha password m@Jor
User natasha created
WX1200# set authentication console * local
success: change accepted.
WX1200# set radius server r1 address 192.168.253.1 key sunFLOW#$
success: change accepted.
Local Override and
Backup Local
Authentication
WX1200# set user natasha password m@Jor
User natasha created
WX1200# set radius server r1 address 192.168.253.1 key sunFLOW#$
success: change accepted.
WX1200# set server group sg1 members r1
success: change accepted.
WX1200# set authentication console * local sg1
success: change accepted.
WX1200# save config
success: configuration saved.
AAA
A
FOR
DMINISTRATIVE AND
This scenario illustrates how to enable local authentication for console
users and RADIUS authentication for Telnet administrative users. To do
so, you configure at least one local username for console authentication
and set up a RADIUS server for Telnet administrators. Natasha types the
following commands in this order:
Natasha also adds the RADIUS server (r1) to the RADIUS server group sg1,
and configures Telnet administrative users for authentication through the
group. She types the following commands in this order:
WX1200# set server group sg1 members r1
success: change accepted.
WX1200# set user admin attr service-type 6
success: change accepted.
WX1200# set authentication admin * sg1
success: change accepted.
WX1200# save config
success: configuration saved.
If the service-type is not set to 6 (Administrative), the user will not be able
to enter "enable" mode commands.
This scenario illustrates how to enable local override authentication for
console users. Local override means that MSS attempts authentication
first via the local database. If it finds no match for the user in the local
database, MSS then tries a RADIUS server—in this case, server r1 in server
group sg1. Natasha types the following commands in this order:
L
A
OCAL
CCESS