Configuring Authentication, Authorization, and Accounting 181
•The
ias
method is a special method that is only used for 802.1X. It uses an
internal database (separate from the local user database) that acts like an
802.1X authentication server. This method never returns an error. It will
always pass or deny a user.
•The
line
method uses the password for the access line on which the user is
accessing the switch. If there is no line password defined for the access
line, then the line method will return an error.
•The
local
method uses the local user database. If the user password does
not match, then access is denied. This method returns an error if the user
name is not present in the local user database.
•The
none
method does not perform any service, but instead always returns
a result as if the service had succeeded. This method never returns an error.
•The
radius
and
tacacs
methods communicate with servers running the
RADIUS and TACACS+ protocols, respectively. These methods can
return an error if the switch is unable to contact the server.
Access Lines
There are five access lines: console, telnet, SSH, HTTP, and HTTPS. HTTP
and HTTPS are not configured using AAA method lists. Instead, the
authentication list for HTTP and HTTPS is configured directly
(authorization and accounting are not supported). The default method lists
for both the HTTP and HTTPS access lines consist of only the local method.
Each of the other access lines may be assigned method lists independently for
the AAA services.
Authentication
Authentication is the process of validating a user's identity. During the
authentication process, only identity validation is done. There is no
determination made of which switch services the user is allowed to access.
This is true even when RADIUS is used for authentication; RADIUS cannot
perform separate transactions for authentication and authorization. However,
the RADIUS server can provide attributes during the authentication process
that are used in the authorization process.
There are three types of authentication:
To Next Page
Loading...
