Configuring AAA Authorization Methods for an ISP Domain - HP 4800G Series Configuration Manual

24/48 port

To do...: Specify the default authentication method for all types of users
Use the command...: authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
Remarks: Optional. local by default.

To do...: Specify the authentication method for LAN users
Use the command...: authentication lan-access { local | none | radius-scheme radius-scheme-name [ local ] }
Remarks: Optional. The default authentication method is used by default.

To do...: Specify the authentication method for login users
Use the command...: authentication login { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
Remarks: Optional. The default authentication method is used by default.

To do...: Specify the authentication method for portal users
Use the command...: authentication portal { local | none | radius-scheme radius-scheme-name [ local ] }
Remarks: Optional. The default authentication method is used by default.

The authentication method specified with the authentication default command is for all types of users and has a priority lower than that for a specific access mode.

With an authentication method that references a RADIUS scheme, AAA accepts only the authentication result from the RADIUS server. The Access-Accept message from the RADIUS server does include the authorization information, but the authentication process ignores the information.

With the radius-scheme radius-scheme-name local or hwtacacs-scheme hwtacacs-scheme-name local keyword and argument combination configured, local authentication is the backup method and is used only when the remote server is not available.

If the primary authentication method is local or none, the system performs local authentication or does not perform any authentication, and will not use any RADIUS or HWTACACS authentication scheme.

Configuring AAA Authorization Methods for an ISP Domain

In AAA, authorization is a separate process at the same level as authentication and accounting. Its responsibility is to send authorization requests to the specified authorization server and to send authorization information to users. Authorization method configuration is optional in AAA configuration.

AAA supports the following authorization methods:
No authorization: Every user is trusted and has the corresponding default rights of the system.
Local authorization: Users are authorized by the access device according to the attributes configured for them.
Remote authorization: The access device cooperates with a RADIUS or HWTACACS server to authorize users. RADIUS authorization is bound with RADIUS authentication. RADIUS
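
An added example, not taken from the HP manual: a small Python checker that applies the authentication rules in the notes above (an access-mode setting overrides authentication default, local backup applies only when the remote server is unavailable, local and none never use a remote scheme) to the authentication lines of a domain configuration. The domain name and scheme names in the sample are constructed, and treating an unreachable server with no local backup as a failed attempt is an assumption the page does not state.

```python
import re
# Constructed sample: the domain name and scheme names (rs1, hw1) are made up.
SAMPLE = """\
domain example-isp
 authentication default radius-scheme rs1 local
 authentication login hwtacacs-scheme hw1
 authentication portal none
"""
NO_HWTACACS = {"lan-access", "portal"}   # per the command syntax in the table
LINE = re.compile(r"^authentication\s+(default|lan-access|login|portal)\s+"
                  r"(?:(local|none)|(radius-scheme|hwtacacs-scheme)\s+(\S+)(\s+local)?)$")

def parse(config):
    """Return {mode: (primary, scheme_name, local_backup)}."""
    methods = {}
    for line in map(str.strip, config.splitlines()):
        if not line.startswith("authentication "):
            continue                      # other domain-view lines are ignored
        m = LINE.match(line)
        if not m:
            raise ValueError(f"unrecognised syntax: {line!r}")
        mode, simple, kind, name, backup = m.groups()
        if kind == "hwtacacs-scheme" and mode in NO_HWTACACS:
            raise ValueError(f"{mode} does not accept hwtacacs-scheme")
        methods[mode] = (simple or kind, name, bool(backup))
    return methods

def effective(methods, mode):
    """Access-mode setting wins over 'authentication default', which defaults to local."""
    return methods.get(mode) or methods.get("default") or ("local", None, False)

def outcome(method, server_up):
    """Method actually used for one attempt, following the notes."""
    primary, _, backup = method
    if primary in ("local", "none") or server_up:
        return primary                    # local/none never consult a remote scheme
    # Assumption: with no local backup, an unreachable server fails the attempt.
    return "local" if backup else "fail"

def audit(config):
    """Flag access modes that end up unauthenticated or without a fallback."""
    methods, findings = parse(config), []
    for mode in ("lan-access", "login", "portal"):
        primary, _, backup = effective(methods, mode)
        if primary == "none":
            findings.append(f"{mode}: no authentication is performed")
        elif primary != "local" and not backup:
            findings.append(f"{mode}: {primary} has no local backup")
    return findings
```

Calling audit(SAMPLE) reports the portal line that disables authentication and the login line that has no fallback, while lan-access inherits the default method with its local backup.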
