Filter
Top Products
DES-7200 Configuration Guide Chapter 1 AAA Configuration
1-39
! Configure the authentication attempt 2 times and the authentication lockout-time 10
hours
DES-7200(config)#aaa local authentication attempts 2
DES-7200(config)#aaa local authentication lockout-time 10
2. Enable authentication
The Enable authentication is used to switch the user privilege level. An authentication
process is needed before the user switches the privilege level to the superuser using
the enable command. There are two methods to define the authentication method list:
1) Radius; 2) Local. The Enable authentication can only set the default method list,
which will be auto-applied after the configuration.
!Configure the enable authentication method list
DES-7200(config)#aaa authentication enable default group radius local
# Configure the authorization
1. Exec authorization
The Exec authorization is used to control the user command privilege level. For
example, level 15 is the superuser, level 14 is the configuration user, level 2 is the
ordinary user. The remote Exec authorization takes precedence over the local one.
! Configure the exec authorization method list and apply it to the line
DES-7200(config)#aaa authorization exec shouquan group tacacs+ local
DES-7200(config)#line vty 0 15
DES-7200(config-line)#authorization exec shouquan
! Configure the exec authorization for the console (by default, the exec authorization
is not for the console)
DES-7200(config)#aaa authorization console
2. Command authorization
The Command authorization is used to offer the execution privilege of the key
commands only to the administrators. The Command authorization authorizes the
level of the command but not of the current user. The Radius protocol is not
supported.
!Configure the Command authorization method list and apply it to the line.
DES-7200(config)#aaa authorization commands 2 abc group tacacs+ local
DES-7200(config)#line vty 0 15