Filter
Top Products
DES-7200 Configuration Guide Chapter 1 AAA Configuration
1-8
Caution
Only after the AAA is enabled through the command aaa new-model in the
global configuration mode, the AAA security features are available for your
configuration. For the details, see AAA Overview.
In many cases, the user needs to Telnet the network access server (NAS). Once such a
connection is set up, it is possible to configure NAS remotely. To prevent unauthorized
accesses to the network, it is required to perform authentication on the user identity.
The AAA security services make it easy for the network devices to perform line-based
authentication. No matter which line authentication method you decide to use, you just need to
execute the aaa authentication login command to define one or more authentication method
list and apply it on the specific line that need the line authentication.
To configure the AAA PPP authentication, execute the following command in the global
configuration mode:
Command Function
configure terminal
Enter the global configuration mode.
aaa new-model
Enable AAA.
aaa authentication login {default
|list-name} method1 [method2...]
Define an accounting method list, or repeat this
command to define more.
line vty line-num
Enter the line that needs to apply the AAA
authentication.
login authentication
{default|list-name}
Apply the method list on the line.
The keyword "list-name" is used to name the created authentication method list, which can be
any string. The keyword "method" means the actual algorithm for authentication. Only when
the current method returns ERROR (no reply), the next authentication method will be
attempted. If the current method returns FAIL, no authentication method will be used any more.
To make the authentication return successfully, even if no specified methods reply, it is
possible to specific "none" as the last authentication method.
In the example below, it is possible to pass the identity authentication even if the Radius server
returns TIMEOUT. aaa authentication login default group radius none