Configuration Guide Configuring AAA
request is denied. The Timeout response indicates that the security server fails to respond to the identity query. When
detecting a timeout event, the AAA service proceeds to the next method in the list to continue the authentication
process.
This document describes how to configure AAA on the security server. For details about the configuration on the
TACACS+ server, see Configuring TACACS+.
AAA Server Group
You can define an AAA server group to include one or more servers of the same type. If the server group is referenced by a
method list, the NAS preferentially sends requests to the servers in the referenced server group when the method list is used
to implement AAA.
VRF-Enabled AAA Group
Virtual private networks (VPNs) enable users to share bandwidth securely on the backbone networks of Internet service
providers (ISPs). A VPN is a set of sites that share routes. An STA site connects to the network of an ISP through one
or multiple interfaces. AAA supports assigning a VPN routing and forwarding (VRF) table to each user-defined server group.
When AAA is implemented by a server in a group that is assigned a VRF table, the NAS sends request packets to the remote
servers in the server group. The source IP address of the request packets is an address selected from the VRF table according
to the IP addresses of the remote servers.
If you run the ip radius/tacacs+ source-interface command to specify the source interface for the request packets, the IP
address obtained from the source interface takes precedence over the source IP address selected from the VRF table.
Overview
Verifies whether users can access the Internet.
Determines what services or permissions users can enjoy.
Records the network resource usage of users.
Creates domain-specific AAA schemes for 802.1X stations (STAs) in different domains.
2.3.1 AAA Authentication
Authentication, authorization, and accounting are three independent services. The authentication service verifies whether
users can access the Internet. During authentication, the username, password, and other user information are exchanged
between devices to complete users' access or service requests. You can use the authentication service of AAA on its own, without the other two services.
To configure AAA authentication, you need to first configure an authentication method list. Applications perform
authentication according to the method list. The method list defines the types of authentication and the sequence in
which they are performed. Authentication methods are implemented by specified applications. The only exception is the
default method list: all applications use the default method list if no method list is configured.
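The following added example (not part of the original guide, and not vendor code) models how a method list is walked: a timeout moves on to the next method, while an answer from a method decides the request. It assumes that a denial is final, and the method names "group radius", "local" and "none" are illustrative strings. It also checks what each list permits when every remote server is unreachable, which is where a trailing "none" entry turns a server outage into unauthenticated access.

```python
# Added example: simplified model of method-list evaluation (not vendor code).
PASS, FAIL, TIMEOUT = "pass", "fail", "timeout"

def run_method_list(methods, replies):
    """Try each method in order and return (decision, deciding_method).

    methods: ordered method names, e.g. ["group radius", "local", "none"]
    replies: method name -> PASS / FAIL / TIMEOUT (constructed input);
             a method missing from the dict is treated as TIMEOUT.
    """
    for method in methods:
        if method == "none":
            # No authentication: anyone reaching this entry is admitted.
            return ("permit", "none")
        reply = replies.get(method, TIMEOUT)
        if reply == PASS:
            return ("permit", method)
        if reply == FAIL:
            # Assumption: a denial is final and later methods are not tried.
            return ("deny", method)
        # TIMEOUT: the server did not answer, so move to the next method.
    return ("deny", None)  # every method timed out

def outage_decision(methods, local_ok=False):
    """Decision when every remote server group ("group ...") is unreachable.

    local_ok says whether the presented credentials match the local database.
    """
    replies = {m: TIMEOUT for m in methods if m.startswith("group ")}
    replies["local"] = PASS if local_ok else FAIL
    return run_method_list(methods, replies)

if __name__ == "__main__":
    # Constructed method lists, audited for what an outage would allow.
    for name, methods in {
        "radius-then-local": ["group radius", "local"],
        "radius-then-none": ["group radius", "none"],
        "radius-only": ["group radius"],
    }.items():
        decision, by = outage_decision(methods)
        flag = "FAIL-OPEN" if (decision, by) == ("permit", "none") else "ok"
        print(f"{name:18} outage -> {decision:6} (decided by {by}) {flag}")
```
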
AAA Authentication Scheme
No authentication (none)