ESR series service routers.ESR-Series. User manual
•
•
•
•
•
•
Step Description Command Keys
13 Specify authentication methods
to be tried in case of failure
(optional).
esr(config)# aaa authentication
mode <MODE>
<MODE> – options of iterating over
methods:
chain – if the server returned
FAIL, proceed to the following
authentication method in the
chain;
break – if the server returned
FAIL, abandon authentication
attempts. If the server is
unavailable, continue
authentication attempts by
the following methods in the
chain.
Default value: chain.
14 Configure radius in the list of
user session accounting
methods (optional).
esr(config)# aaa accounting login
start-stop <METHOD 1>
[ <METHOD 2> ]
<METHOD> – accounting methods:
tacacs – session accounting
by TACACS;
radius – session accounting
by RADIUS.
15 Switch to the corresponding
terminal configuration mode.
esr(config)# line <TYPE> <TYPE> – console type:
console – local console;
ssh – secure remote console.
16 Activate user login authentication
list.
esr(config-line-console)# login
authentication <NAME>
<NAME> – list name, set by the
string of up to 31 characters.
Created in step 8.
17 Activate authentication list of
user privileges elevation.
esr(config-line-console)# enable
authentication <NAME>
<NAME> – list name, set by the
string of up to 31 characters.
Created in step 9.
13.1.3 AAA configuration algorithm via TACACS
Step Description Command Keys
1 Set the DSCP code global value
for the use in IP headers of
TACACS server egress packets
(optional).
esr(config)# tacacs-server dscp
<DSCP>
<DSCP> – DSCP code value, takes
values in the range of [0..63].
Default value: 63.
2 Set the global value of the
interval after which the router
assumes that the TACACS
server is not available (optional).
esr(config)# tacacs-server
timeout <SEC>
<SEC> – time interval in seconds,
takes values of [1..30].
Default value: 3 seconds.
To Next Page
Loading...