Configuring Radius Login Authentication - Allen-Bradley Stratix 5100 User Manual

Chapter 14 Configuring RADIUS and TACACS+ Servers
414
You need to configure some settings also on the RADIUS server. These settings
include the IP address of the access point and the key string to be shared by both
the server and the access point.

Configuring RADIUS Login Authentication

To configure AAA authentication, you define a named list of authentication
methods and then apply that list to various interfaces. The method list defines the
types of authentication and the sequence to be performed. This must be applied
to a specific interface before any of the defined authentication methods are
performed. The only exception is the default method list (by coincidence, is
named default). The default method list is automatically applied to all interfaces
except those that have a named method list explicitly defined.
A method list describes the sequence and authentication methods to be queried
to authenticate a user. You can designate one or more security protocols to be
used for authentication, thus ensuring a back-up system for authentication in case
the initial method fails. The software uses the first method listed to authenticate
users; if that method fails to respond, the software selects the next authentication
method in the method list. This process continues until there is successful
communication with a listed authentication method or until all defined methods
are exhausted. If authentication fails at any point in this cycle—meaning that the
security server or local username database responds by denying the user access—
the authentication process stops, and no other authentication methods are
attempted.
Beginning in privileged EXEC mode, follow these steps to configure login
authentication. This procedure is required.
1. Enter global configuration mode.
configure terminal
2. Enable AAA.
aaa new-model
3. Create a login authentication method list.
• To create a default list that is used when a named list is not specified in
the login authentication command, use the default keyword followed
by the methods that are to be used in default situations. The default
method list is automatically applied to all interfaces.
For more information on list names, click this link:
www.cisco.com/univercd/cc/td/doc/product/software/ios122/
122cgcr/fsecur_c/fsaaa/scfathen.htm#xtocid2
• For method1..., specify the actual method the authentication algorithm
tries. The additional methods of authentication are used only if the
previous method returns an error, not if it fails.
Choose one of these methods:
• Line
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
http://