System Configuration and Monitoring
Left running head:
Chapter name (automatic)
69
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
Alcatel-Lucent
M
ETHOD-LIST CONFIGURATION
A method-list is a list of authentication methods. It specifies the sequence of
authentication methods to be approached for authentication. The methods are
queried in the order in which they are specified.
Possible authentication methods include a pre-defined RADIUS server group,
TACACS+ server group, and local authentication.
A method-list needs to be associated with a particular type of client. Whenever a
user tries to login through that type of client, the list is traversed in the order in
which the methods are specified. That is to say, the first method is queried first.
Now if the first method authenticates the user, the user is allowed access. If it
says that the user is not authenticated, then the user is denied access. But, if
there is an error in the query, then the second method in the list is approached
and similar steps are repeated, until the end of the list is reached. If there are
errors in queries to all the methods, then the user is denied access.
T
O CONFIGURE A METHOD-LIST
EXAMPLE
ALU(config)# aaa method-list m1 rad1 tac1 local
The following example shows that you cannot configure a method-list with an
invalid method:
ALU(config)# aaa method-list m1 tac2
One of the Specified Methods doesn't exist
The following example shows that you cannot configure a method-list with a group
that does not have any server configured in it:
ALU(config)# aaa method-list m1 rad3
One of the Specified Groups doesn't have any server in it
ALU(config)# no aaa method-list m1
Command (in CM) Description
aaa method-list <name>
<methods>...
This command is used to configure a
method-list.
A method list can be successfully configured
only if the lists do not contain any invalid
method like – empty radius/TACACS+
groups, etc.
no aaa method-list <name> This command deletes the specified method-
list.
You cannot delete a method list if it is
associated to any client-type.
To Next Page
Loading...
Need help?
General
