Filter
Top Products
DES-7200 Configuration Guide Chapter 1 AAA Configuration
1-7
or the session is terminated. If all servers (R1 and R2) returns TIMEOUT, the authentication
will be performed by the NAS local database.
Caution
The REJECT response is not the same as the TIMEOUT response. REJECT
means the user fails to comply with the standard in the available authentication
database and does not pass the authentication, thus the access request will be
refused. TIMEOUT means there is no reply from the security server to the
authentication. When an TIMEOUT is detected, the AAA selects the next
authentication method in the method list to continue the authentication process.
1.3.3 Authentication Type
DES-7200 products support the following authentication types:
z Login Authentication -- the authentication of the user terminal logging in the NAS CLI.
z Enable Authentication -- the authentication of improving the CLI authority after the user
terminal loggs in the NAS CLI.
z PPP Authentication -- the authentication of PPP dial user.
z DOT1X(IEEE802.1x) Authentication -- the authentication of the IEEE802.1x access user.
1.3.4 General Steps in
Configuring AAA
Authentication
The following tasks are common for the configuration of AAA authentication.
z Enable AAA by using the global configuration command aaa new-model.
z Configure the security protocol parameters if you decide to use the security server, such
as RADIUS. See Configuring Radius for details.
z Define the authentication method list by using the aaa authentication command.
z Applying method list on a specific interface or line, if possible.
Caution
TACACS+ is not supported by the DOT1X authentication.
1.3.5 Configuring the AAA
Login Authentication
This section deals with how to configure the AAA Login authentication methods supported by
our product: