DES-7200 Configuration Guide Chapter 1 AAA Configuration
The next authentication method is attempted only when the current method returns ERROR (no reply). If the current method returns FAIL, no further authentication method is used. To have authentication succeed even if none of the specified methods reply, you can specify none as the last authentication method.
Once configured, the enable authentication method takes effect. When you execute the enable command in privileged mode, you are prompted to authenticate if you want to switch to a higher privilege level. No authentication is needed if the privilege level to be set is lower than or equal to the current one.
Caution
The current username is recorded if Login authentication (with any method except none) is performed when entering the CLI. In that case, Enable authentication does not prompt for the username, and you can use the same username as for Login authentication. Note that the password entered must be consistent.
The username is not recorded if there is no Login authentication when entering the CLI, or if the none method is used. In that case, you must enter the username again when Enable authentication runs. This username is not recorded, so you must enter it every time Enable authentication runs.
Some authentication methods can bind a security level. During authentication, in addition to the response returned by the security protocol, the bound security level must then be verified. If the service protocol can bind the security level, the level is verified during authentication. If the bound level is greater than or equal to the level to be configured, the enable authentication and the level switchover succeed. If the bound level is less than the level to be configured, the enable authentication fails, an error message is displayed, and the current level is kept. If the service protocol fails to bind the security level, you can configure the level without verification of the bound level.
Caution
Currently, only RADIUS and Local authentication support binding the security level, so only the security levels of these two methods are checked.
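The fallthrough and bound-level rules above, modelled as an added example (not D-Link code or device output); the responder callables and the level values are constructed stand-ins for the authentication servers. The last case shows what a trailing none does when no server replies: the requested level is granted without credentials, which is the outcome to look for when reviewing a method list.

```python
from enum import Enum

class Result(Enum):
    PASS = "pass"
    FAIL = "fail"
    ERROR = "error"  # no reply from the method

# Per the guide, only RADIUS and Local bind a security level.
LEVEL_BINDING = {"radius", "local"}

def enable_auth(methods, responders, current, requested):
    """Model of the enable decision; returns (resulting_level, reason).

    responders maps a method name to a callable returning
    (Result, bound_level or None); it is a hypothetical stand-in for the server.
    """
    if requested <= current:
        return requested, "no authentication needed"
    for m in methods:
        if m == "none":
            return requested, "none: granted without credentials"
        result, bound = responders[m]()
        if result is Result.ERROR:
            continue  # no reply: try the next method in the list
        if result is Result.FAIL:
            return current, f"{m}: FAIL, later methods are not tried"
        if m in LEVEL_BINDING and bound is not None and bound < requested:
            return current, f"{m}: bound level {bound} below {requested}"
        return requested, f"{m}: authenticated"
    return current, "no method replied"

# Constructed responders for the demonstration.
def no_reply(): return Result.ERROR, None
def reject(): return Result.FAIL, None
def accept(level): return lambda: (Result.PASS, level)

if __name__ == "__main__":
    cases = [
        (["radius", "local"], {"radius": no_reply, "local": accept(15)}),
        (["radius", "local"], {"radius": reject, "local": accept(15)}),
        (["radius"], {"radius": accept(5)}),
        (["radius", "none"], {"radius": no_reply}),
    ]
    for methods, responders in cases:
        print(methods, "->", enable_auth(methods, responders, 1, 15))
```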
1.3.6.1 Using the local username database for Enable authentication
When performing enable authentication with the local database, you can configure the user privilege level while configuring the local user. By default, the privilege level is 1. To configure enable authentication with the local database, you must first configure the local database and configure the privilege level. To establish username authentication, run the following commands in global configuration mode: