Table of Contents
Advertisement
The user account is not configured on the device or the user is not allowed to use the
access service.
•
The device does not turn to the backup authentication methods if local authentication is invalid
because of any other reason. Authentication fails for the user.
Prerequisites
Before configuring authentication methods, complete the following tasks:
1.
Determine the access type or service type to be configured. With AAA, you can configure an
authentication method for each access type and service type.
2.
Determine whether to configure the default authentication method for all access types or
service types. The default authentication method applies to all access users. However, the
method has a lower priority than the authentication method that is specified for an access type
or service type.
Procedure
To configure authentication methods for an ISP domain:
Step
1.
Enter system view.
2.
Enter ISP domain view.
3.
Specify default
authentication methods
for all types of users.
4.
Specify authentication
methods for IPoE users.
5.
Specify authentication
methods for LAN users.
6.
Specify authentication
methods for login users.
Command
system-view
domain isp-name
authentication default { hwtacacs-scheme
hwtacacs-scheme-name [ radius-scheme
radius-scheme-name ] [ local ] [ none ] |
ldap-scheme ldap-scheme-name [ local ]
[ none ] | local [ radius-scheme
radius-scheme-name | hwtacacs-scheme
hwtacacs-scheme-name ] * [ none ] | local
[ ldap-scheme ldap-scheme-name ] [ none ] |
none | radius-scheme radius-scheme-name
[ hwtacacs-scheme
hwtacacs-scheme-name ] [ local ] [ none ] }
authentication ipoe { local [ radius-scheme
radius-scheme-name ] [ none ] | none |
radius-scheme radius-scheme-name [ local ]
[ none ] }
authentication lan-access { ldap-scheme
ldap-scheme-name [ local ] [ none ] | local
[ ldap-scheme ldap-scheme-name |
radius-scheme radius-scheme-name ]
[ none ] | none | radius-scheme
radius-scheme-name [ local ] [ none ] }
authentication login { hwtacacs-scheme
hwtacacs-scheme-name [ radius-scheme
radius-scheme-name ] [ local ] [ none ] |
ldap-scheme ldap-scheme-name [ local ]
[ none ] | local [ radius-scheme
radius-scheme-name | hwtacacs-scheme
hwtacacs-scheme-name ] * [ none ] | local
[ ldap-scheme ldap-scheme-name ] [ none ] |
none | radius-scheme radius-scheme-name
[ hwtacacs-scheme
hwtacacs-scheme-name ] [ local ] [ none ] }
59
Remarks
N/A
N/A
By default, the default
authentication method is
local.
By default, the default
authentication method is
used for IPoE users.
This command takes
effect only on CSPEX
cards.
By default, the default
authentication method is
used for LAN users.
By default, the default
authentication method is
used for login users.
Advertisement
Table of Contents
Troubleshooting
