AAA Services

The method to perform AAA is configured globally by the aaa method command, which provides the additional acct-port, address, attempts, auth-port, backup, client, enable, group, hash, key, qtimeout, retransmit, and timeout sub-commands. Although the default AAA service is local, you can authenticate to a RADIUS server or PKI database. Alternatively, you can set the AAA method per interface with aaa-method, which lets the XSR authenticate requests originating from different interfaces by different methods and overrides the global (invoked by aaa method) or default AAA method. For example, if the default method has not been set for the Telnet client using client telnet, then the default method you set for AAA service is used.

Most AAA method sub-commands are available for RADIUS service only (see "Configuration for RADIUS Authentication and Accounting" on page 16-33). The additional AAA method sub-commands acct-port and auth-port set the UDP ports for accounting and authentication requests, respectively.

AAA users can be added to AAA service with the aaa user command, which includes the address, group, password, privilege, and policy sub-commands to set user attributes. Also, you can set a maximum privilege level per interface to supersede any user/group-assigned level.

While most of these parameters are self-explanatory, the policy value is important in specifying which system each user will be allowed to access on the XSR. The module options are ssh, telnet, firewall, and vpn. Their intended functions are as follows:
• Telnet/Console: administrators and low-level Console users who will use the standard serial connection application
• SSH: users who will require a more secure Telnet-type connection
• Firewall: users who will access the firewall
• VPN: users who will tunnel in to the XSR

AAA users can be assigned to groups with the aaa group top-level command, which is sub-divided into the dns, ip pool, l2tp, wins server, pptp compression, pptp encrypt mppe, policy, and privilege sub-commands to set that group's respective parameters. Any users not specifically assigned to a group are added to the DEFAULT AAA group. Policies can be set at both the user and group level, but a user-level policy overrides a user's group-level policy.

Although AAA authentication is set by the service, not the user, you can override this rule by configuring a user to authenticate at every login with @<method>username. The XSR checks if the @-configured user is configured before enabling the default authentication service. Refer to the next section to configure SSH or Telnet with AAA authentication.

Debugging of AAA data can be provided by the debug aaa command. Output is directed to the terminal where debugging information was most recently requested. Also, if multiple AAA debugs are activated, all data will be sent to the last used terminal requesting debugging. The sample AAA debug below displays a successful MSCHAP authentication using the local method:

Local::queue(test)
AAuthenticatePlugin::queue (alg == 0xf)
groupplugin Reply: Pool = authpool
IRMauthorizeMsg::clientLogon [test]

Connecting Remotely via SSH or Telnet with AAA Service

Perform the following commands to configure SSH or Telnet service:
1. On the CLI, enter configure to acquire Configuration mode.

16-6 Configuring Security on the XSR
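As an added illustration that is not part of the XSR manual, the following Python model encodes the precedence rules described in the AAA Services section above: an @<method>-configured user is checked first, then the per-interface aaa-method, then the global aaa method, then the local default; a user-level policy or privilege overrides the group's, and users without a group fall into the DEFAULT group; the per-interface maximum privilege caps whatever the user or group assigns. The interface names, user names, the "admins" group and the default-deny when neither user nor group sets a policy are constructed assumptions, not XSR behaviour stated on the page.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed model of the XSR AAA precedence rules (not the router's own code).
DEFAULT_GROUP = "DEFAULT"
MODULES = {"ssh", "telnet", "firewall", "vpn"}   # policy module options


@dataclass
class Group:
    policy: Optional[frozenset] = None      # aaa group ... policy
    privilege: Optional[int] = None         # aaa group ... privilege


@dataclass
class User:
    group: str = DEFAULT_GROUP              # users with no group land in DEFAULT
    policy: Optional[frozenset] = None      # aaa user ... policy (overrides group)
    privilege: Optional[int] = None         # aaa user ... privilege (overrides group)
    at_method: Optional[str] = None         # set when the login is @<method>username


@dataclass
class AaaConfig:
    global_method: Optional[str] = None     # aaa method; None means the local default
    interface_method: dict = field(default_factory=dict)    # aaa-method per interface
    interface_max_priv: dict = field(default_factory=dict)  # max privilege per interface
    groups: dict = field(default_factory=lambda: {DEFAULT_GROUP: Group()})
    users: dict = field(default_factory=dict)

    def method_for(self, username: str, interface: str) -> str:
        """Authentication method used for a login arriving on `interface`."""
        user = self.users.get(username)
        if user is not None and user.at_method:     # @-configured user is checked first
            return user.at_method
        return self.interface_method.get(interface) or self.global_method or "local"

    def authorize(self, username: str, interface: str, module: str) -> tuple:
        """Return (allowed, effective privilege) for access to one module.
        Assumption: no policy at user or group level means the module is denied."""
        if module not in MODULES:
            raise ValueError(f"unknown module {module!r}")
        user = self.users.get(username)
        if user is None:
            return (False, 0)
        group = self.groups.get(user.group, self.groups[DEFAULT_GROUP])
        policy = user.policy if user.policy is not None else group.policy
        allowed = policy is not None and module in policy
        priv = user.privilege if user.privilege is not None else (group.privilege or 0)
        cap = self.interface_max_priv.get(interface)  # interface cap supersedes user/group
        return (allowed, priv if cap is None else min(priv, cap))
```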