Support User Manuals

D-Link DES-7200 Refrigerator User Manual

Open as PDF

of 1968

DES-7200 Configuration Guide Chapter 1 AAA Configuration

1-6

Caution

Only when there is no reply from a method, our product will attempt the next

method. During the authentication, if the user access is refused by a method,

the authentication process ends and no other methods will be attempted.

1.3.2 Example of Method

List

In a typical AAA network configuration, there are two servers: R1 and R2 are both RADIUS

servers. Suppose the network administrator has chosen a security solution, and the NAS

authentication uses an authentication method to authenticate the Telnet connection: First, R1

is used for the user authentication. In case of no reply, R2 will be used. In case there is no

reply from both R1 and R2, the local database of the access server will perform the

authentication. To configure the above authentication list, run the following commands:

Command Function

configure terminal

Enter the global configuration mode.

aaa authentication login default

group radius local

Configure a default authentication method list,

where "default" is the name of the method list.

The protocols included in this method list are

listed behind the name in the order by which

they will be queried. The default method list is

applied on all applications.

If the system administrator hopes to apply this method list on a specific Login connection,

he/she must create a named method list and then apply it on the specific connection. The

example below shows how to apply the authentication method list on line 2 only.

Command Function

configure terminal

Enter the global configuration mode.

aaa new-model

Turn on the AAA switch.

aaa authentication login test

group radius local

Define a method list named "test" in the global

configuration mode.

line vty 2

Enter the configuration layer of line 2

login authentication test

In the line configuration mode, apply the

method list named “test” on the line.

If a remote PC user attempts to Telnet the network access server(NAS), the NAS first queries

the authentication information from R1. If the user passes the authentication on R1, R1 sends

a ACCEPT reply to the NAS, and thus the user's access to the network is allowed. If R1

returns the REJECT reply, the user's access is refused and then disconnected.If R1 does not

respond, NAS considers TIMEOUT and queries the authentication information to R2. This

process continues for the remaining methods till the user passes the authentication, is refused

previous next