Defining Aaa Authentication Method List; Example Of Method List - D-Link xStack DGS-3610 Series Configuration Manual


DGS-3610 Series Configuration Guide
37.6.1 Defining AAA Authentication Method List
To configure AAA authentication, the first step is to define a named list of
authentication methods; the applications then use the defined list for authentication. The
method list defines the authentication types and the order in which they are executed. A defined
method list must be applied on specific interfaces before it can be executed. The default
method list is the exception: when no method list is configured, all applications use the default
method list.
The method list is simply a list of the authentication methods to be queried in turn to verify
the user identity. The method list can define one or more security protocols for authentication,
so that backup systems are available if the first method fails.
Our product uses the first method in the method list for user authentication,
and selects the next method in the list only if there is no reply from that method.
This process continues until an authentication method successfully allows communication or all
methods are used up. If all listed methods are used up and communication has not been allowed,
authentication is declared to have failed.
Caution: Our product will try the next method only when there is no reply from a
method. During authentication, if user access is refused by a
method, the authentication process ends and no other methods are
attempted.

37.6.2 Example of Method List

In a typical AAA network configuration, there are two servers, R1 and R2, both of which are RADIUS
servers. Suppose the network administrator has chosen a security solution in which the NAS
uses an authentication method list to authenticate Telnet connections: first,
R1 is used for user authentication. In case of no reply, R2 is used. If neither R1 nor R2
replies, the local database of the access server performs the authentication.
To configure the above authentication list, run the following commands:

Command: configure terminal
Function: Enter the global configuration mode.

Command: aaa authentication login default group radius local
Function: Configure a default authentication method list, where "default" is the name of the method list. The protocols included in this method list are listed after the name in the order in which they will be queried. The default method list is applied on all applications.

If the system administrator wants to apply this method list on a specific Login connection,
he/she must create a named method list and then apply it on the specific connection. The
example below shows how to apply the authentication method list on line 2 only.

Chapter 37 Configuration of 802.1X
