Table of Contents
Advertisement
Command Reference Guide
Before AAA authentication method lists can be configured or applied, AAA must be enabled. To enable
AAA, use the command
Each AAA authentication method list relies on a combination of authentication methods. Each method
must be entered into the list in the order that they are to be performed. Although these methods can be
entered in any order, each can only be used once. The exception is the group <name> method that can be
entered multiple times to accommodate multiple configured server groups. If the unit fails to make a
connection with the first group listed, it will try the next group specified.
For security reasons, ADTRAN recommends that the local authentication method be used
instead of the none authentication method. Using the local authentication method
prevents unauthorized users from gaining access to the device during a period in which
the links to all authentication servers are down. The local user database contained within
the AOS device will always be available and serves as the last line of defense.
The type of method lists created using the aaa authentication port-auth default command is a default
list. A default list is one that is created and automatically applied to all line interfaces at the global level.
To use RADIUS servers to perform port authentication, the RADIUS servers must be configured prior to
creating the method list. You can configure all RADIUS servers in the system using the command
radius-server on page
1300. You can configure individual RADIUS servers using the command
radius-server host on page
RADIUS servers for authentication by using the group radius method. If you only want to use some of the
available RADIUS servers for authentication, you can create a named server group and add the RADIUS
servers to the group. Server groups are created using the command
servers are added to the group as outlined in the
For more information about AAA authentication, or AAA configuration in general, refer to the Configuring
AAA in AOS configuration guide available online at https://supportforums.adtran.com.
Usage Examples
The following example specifies that the local user database be used for port authentication:
(config)#aaa authentication port-auth default local
60000CRG0-35E
aaa on on page
889.
1302. Once the RADIUS servers have been configured, you can use all
Copyright © 2012 ADTRAN, Inc.
Global Configuration Mode Command Set
aaa group server on page 886
RADIUS Group Command Set on page
and
3296.
876
- Quick Links:
- Basic Mode Command Set
Hide quick links:
Advertisement
Table of Contents
