Configuration Guide AAA Configuration
Configuring Authorization
The AAA authorization enables the administrator to control the user’s use of the services or the
rights. After the AAA authorization service is enabled, the network device configures the user
sessions by using the user configuration file stored locally or in the server. After the
authorization is completed, the user can only use the services allowed in the profile or has the
allowed rights.
Authorization Types
Our product supports the following AAA authorization methods:
Exec authorization method – the user terminal loggs in the NAS CLI and is
granted the privilege level (0-15 level).
Command authorization method – after the user terminal loggs in the NAS
CLI, the specific commands are authorized.
Network authorization method – grant the available service to the user
session in the network.
Only TACACS+ supports the command authorization method. For the detailed
information, please refer to TACACS+ Configuration.
Preparations for Authorization
The following tasks must be completed before the AAA authorization is configured:
Enable the AAA server. For the details, see AAA Overview.
(Optional) Configure the AAA authentication. The authorization is done after the user
passes the authentication. But sole authorization can also be done without
authentication. For details of the AAA authentication, see Configuring Authentication.
(Optional) Configure security protocol parameters. If the security protocol is required for
authorization, it is required to configure the security protocol parameters. The network
authorization only supports RADIUS; the Exec authorization supports RADIUS and
TACACS+. For details of the RADIUS, see Configuring RADIUS. For details of the
TACACS+, see Configuring TACACS+.
(Optional) If the local authorization is required, it is required to use the username
command to define the user rights.
Configuring Authorization List
To enable AAA authorization, execute the following command in the global configuration mode:
To Next Page
Loading...
