D-Link DES-7200 Refrigerator User Manual


DES-7200 Configuration Guide Chapter 1 AAA Configuration
Caution
The product attempts the next method only when the current method does not
reply. If a method refuses the user's access during authentication, the
authentication process ends and no other methods are attempted.
1.3.2 Example of Method List
In a typical AAA network configuration, there are two servers, R1 and R2, both of which are
RADIUS servers. Suppose the network administrator has chosen a security solution in which the
NAS uses one authentication method list to authenticate Telnet connections: first, R1 is used
for user authentication. If R1 does not reply, R2 is used. If neither R1 nor R2 replies, the
local database of the access server performs the authentication. To configure this
authentication list, run the following commands:
| Command | Function |
|---|---|
| configure terminal | Enter the global configuration mode. |
| aaa authentication login default group radius local | Configure a default authentication method list, where "default" is the name of the method list. The protocols included in this method list are listed after the name, in the order in which they will be queried. The default method list is applied to all applications. |
If the system administrator wants to apply this method list to a specific login connection,
he/she must create a named method list and then apply it to that connection. The
example below shows how to apply the authentication method list to line 2 only.
| Command | Function |
|---|---|
| configure terminal | Enter the global configuration mode. |
| aaa new-model | Turn on the AAA switch. |
| aaa authentication login test group radius local | Define a method list named "test" in the global configuration mode. |
| line vty 2 | Enter the configuration layer of line 2. |
| login authentication test | In the line configuration mode, apply the method list named "test" on the line. |
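The fallback rule from the Caution above, applied to the "group radius local" method list, can be modeled as follows. This is an added example, not D-Link code; the function names, user names and passwords are hypothetical, constructed sample values.

```python
# Added illustration of the method-list rule described in this guide.
# Not DES-7200 firmware code; every name below is hypothetical.
from enum import Enum

class Reply(Enum):
    ACCEPT = "ACCEPT"
    REJECT = "REJECT"
    TIMEOUT = "TIMEOUT"  # the method gave no reply

def radius_server(name, users, reachable=True):
    """Build a stand-in for a RADIUS server such as R1 or R2."""
    def method(user, password):
        if not reachable:
            return Reply.TIMEOUT
        return Reply.ACCEPT if users.get(user) == password else Reply.REJECT
    method.label = name
    return method

def local_database(users):
    """Build a stand-in for the access server's local user database."""
    def method(user, password):
        return Reply.ACCEPT if users.get(user) == password else Reply.REJECT
    method.label = "local"
    return method

def authenticate(method_list, user, password):
    """Query methods in order; return (allowed, [(method, reply), ...])."""
    trace = []
    for method in method_list:
        reply = method(user, password)
        trace.append((method.label, reply))
        if reply is Reply.ACCEPT:
            return True, trace
        if reply is Reply.REJECT:
            return False, trace  # a refusal ends the process immediately
        # TIMEOUT: no reply, so the next method in the list is attempted
    return False, trace  # no method replied

RADIUS_USERS = {"alice": "radius-pw"}  # constructed sample accounts
LOCAL_USERS = {"admin": "local-pw"}

def build_list(r1_up, r2_up):
    """Method list equivalent to 'group radius local' with servers R1, R2."""
    return [radius_server("R1", RADIUS_USERS, r1_up),
            radius_server("R2", RADIUS_USERS, r2_up),
            local_database(LOCAL_USERS)]

if __name__ == "__main__":
    for r1_up, r2_up in [(True, True), (False, True), (False, False)]:
        ok, trace = authenticate(build_list(r1_up, r2_up), "admin", "local-pw")
        print(r1_up, r2_up, ok, [(n, r.value) for n, r in trace])
```

In this model the local account "admin" can log in only when neither R1 nor R2 replies; while either server is reachable, its REJECT is final and the local database is never consulted.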
If a remote PC user attempts to Telnet to the network access server (NAS), the NAS first
queries R1 for the authentication information. If the user passes the authentication on R1, R1
sends an ACCEPT reply to the NAS, and the user's access to the network is allowed. If R1
returns a REJECT reply, the user's access is refused and the user is disconnected. If R1 does
not respond, the NAS treats this as a TIMEOUT and queries R2 for the authentication
information. This process continues for the remaining methods until the user passes the authentication, is refused