DES-7200 Configuration Guide Chapter 1 AAA Configuration
line vty 0 4
login authentication test
!
!
In the example above, the access server uses the RADIUS server (IP 192.168.217.64) to
authenticate login users. If the RADIUS server has no reply, the local database
is used for identity authentication. Login authentication is not required on tty 1-4, which are
the lines used by the terminal service, while the other tty lines and the vty lines require login
authentication.
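The fallback described above, modelled as an added Python example (not code from the guide or from the device). The accounts, passwords and function names are constructed, and it assumes that only a missing reply, not a rejection, moves on to the next method in the list.

```python
import hmac
from enum import Enum

class Result(Enum):
    ACCEPT = 1
    REJECT = 2
    NO_REPLY = 3          # server unreachable or timed out

def _match(db, user, password):
    # Constant-time comparison of the stored and supplied password.
    stored = db.get(user)
    ok = stored is not None and hmac.compare_digest(stored.encode(), password.encode())
    return Result.ACCEPT if ok else Result.REJECT

def radius(db, reachable=True):
    # Constructed stand-in for the RADIUS server at 192.168.217.64.
    return lambda u, p: _match(db, u, p) if reachable else Result.NO_REPLY

def local(db):
    # Stand-in for the device's local user database.
    return lambda u, p: _match(db, u, p)

def authenticate(methods, user, password):
    """Try methods in order; only NO_REPLY falls through (assumed semantics)."""
    for name, check in methods:
        result = check(user, password)
        if result is not Result.NO_REPLY:
            return result is Result.ACCEPT, name
    return False, None     # no method answered: deny

def login(line, bindings, lists, user=None, password=None):
    """bindings maps a line to its method-list name, or None for no login authentication."""
    list_name = bindings[line]
    if list_name is None:
        return True, "none"
    return authenticate(lists[list_name], user, password)

# Constructed sample data (not from the guide).
RADIUS_DB = {"alice": "r-secret"}
LOCAL_DB = {"admin": "l-secret"}
BINDINGS = {"tty 1": None, "vty 0": "test"}

def build(reachable):
    # Method list "test": RADIUS first, then the local database.
    return {"test": [("radius", radius(RADIUS_DB, reachable)), ("local", local(LOCAL_DB))]}

if __name__ == "__main__":
    for up in (True, False):
        for user, pw in (("alice", "r-secret"), ("admin", "l-secret")):
            print("radius up:", up, user, login("vty 0", BINDINGS, build(up), user, pw))
    print("tty 1:", login("tty 1", BINDINGS, build(True)))
```

While the server answers, the local account is never consulted; once it stops answering, only local accounts can log in on the vty lines, so those local credentials need the same care as the RADIUS ones.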
1.4 Configuring Authorization
AAA authorization enables the administrator to control which services and rights a user may
use. After the AAA authorization service is enabled, the network device configures user
sessions by using the user configuration file stored locally or on the server. After
authorization is completed, the user can use only the services allowed in the profile and has only
the rights it grants.
1.4.1 Authorization Types
Our product supports the following AAA authorization methods:
• Exec authorization method – the user terminal logs in to the NAS CLI and is
granted a privilege level (level 0-15).
• Command authorization method – after the user terminal logs in to the NAS
CLI, specific commands are authorized.
• Network authorization method – grants the available services to the user
session in the network.
Note
Only TACACS+ supports the command authorization method. For details,
see TACACS+ Configuration.
1.4.2 Preparations for Authorization
The following tasks must be completed before the AAA authorization is configured:
• Enable the AAA server. For details, see AAA Overview.
• (Optional) Configure AAA authentication. Authorization is performed after the user
passes authentication. However, authorization can also be performed on its own, without
authentication. For details of AAA authentication, see Configuring Authentication.
• (Optional) Configure security protocol parameters. If a security protocol is required for
authorization, the security protocol parameters must be configured. The network