DES-7200 Configuration Guide Chapter 1 AAA Configuration
1-37
ordinary users own the reading priority only.
5. The user authentication information, the authorization information and the network
information are recorded in the server for the display and audit later(This example uses the
TACACS+ for the accounting. )
1.10.1.3 Configuration Key-points
From the analysis of the part of “Network Requirements”, deploying the AAA function can
address the above requirements, which is to dynamically configure the ID authentication,
authorization and accounting type for the user(line) or the server. Define the ID authentication,
authorization and accounting type by creating the method list, and apply the method list to the
specified service or interface. For the details, see the following “Configuration Steps”.
1.10.1.4 Configuration Steps
#Enable AAA:
!Enable the AAA function on the device
DES-7200#configure terminal
DES-7200(config)#aaa new-model
# Configure the security server:
The network security server takes the responsibilty for the authentication, the
authorization and the accounting. The user information are stored in the server and
the software of the server can record, calculate and analyze the various information
via the syslogs.
! Configure the Radius server information (the shared key for the communication
between the device and the Radius server is DES-7200)
DES-7200(config)#radius-server host 10.1.1.1
DES-7200(config)#radius-server key DES-7200
! Configure Tacacs+ server information (the shared key for the communication
between the device and the Tacacs+ server is redgiant)
DES-7200(config)#tacacs-server host 10.1.1.2
DES-7200(config)#tacacs-server key redgiant
# Configure the local user:
! Configure the password encryption (the key information for the local password and
the security server are saved and shown in the simply-encrypted format)