Configuration Guide Configuring AAA
If an authentication scheme contains multiple authentication methods, these methods are executed according to the
configured sequence.
The next authentication method is executed only when the current method does not respond. If the current method fails,
the next method is not tried.
When the none method is used, users can get access even when no authentication method responds. Therefore,
the none method is used only as standby.
Normally, do not use none authentication. You can use the none method as the last optional authentication method in
special cases. For example, when all the users who may request access are trusted users and the users' work must not be
delayed by system faults, you can use the none method to assign access permissions to these users when the
security server does not respond. It is recommended that the local authentication method be added before the none
method.
If AAA authentication is enabled but no authentication method is configured and the default authentication method does
not exist, users can directly log in to the Console without being authenticated. If users log in by other means, the users
must pass local authentication.
When a user enters the CLI after passing login authentication (the none method is not used), the username is recorded.
When the user performs Enable authentication, the user is not prompted to enter the username again, because the
username that the user entered during login authentication is automatically filled in. However, the user must enter the
password previously used for login authentication.
The username is not recorded if the user does not perform login authentication when entering the CLI or if the none
method is used during login authentication. In that case, the user is required to enter the username each time Enable
authentication is performed.
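The fall-through rules above can be checked offline against a saved configuration. The following is an added example, not code from this guide or the vendor: it models how a method list is walked (only a non-response moves to the next method) and flags lists that contradict the recommendations. The method-list syntax, the "group radius" method, and the list name mgmt are assumptions; the sample configuration is constructed.

```python
import re

# Assumed syntax (not spelled out on this page):
#   aaa authentication login {default | LIST-NAME} METHOD [METHOD ...]
# "group NAME" counts as one method; the sample below is constructed.
LOGIN_RE = re.compile(r"^aaa authentication login (\S+) (.+)$")

def parse_methods(text):
    """Return {list_name: [methods]} for every login method list."""
    lists = {}
    for line in text.splitlines():
        m = LOGIN_RE.match(line.strip())
        if m:
            tokens, methods = m.group(2).split(), []
            while tokens:
                t = tokens.pop(0)
                methods.append(f"group {tokens.pop(0)}" if t == "group" and tokens else t)
            lists[m.group(1)] = methods
    return lists

def evaluate(methods, outcome):
    """Walk a method list. outcome maps method -> 'accept' | 'reject' | 'timeout'.
    Only a timeout (no response) moves on; a reject ends the attempt."""
    for method in methods:
        if method == "none":
            return ("accept", "none")          # access granted, no credentials checked
        result = outcome.get(method, "timeout")
        if result != "timeout":
            return (result, method)
    return ("reject", None)                     # no method responded and no 'none' standby

def audit(text):
    """Flag method lists that contradict the guidance above."""
    findings = []
    lists = parse_methods(text)
    if re.search(r"^\s*aaa new-model\s*$", text, re.M) and not lists:
        findings.append("AAA enabled with no login method list: console login is unauthenticated")
    for name, methods in lists.items():
        if "none" in methods[:-1]:
            findings.append(f"{name}: 'none' is not last; later methods are unreachable")
        if "none" in methods and "local" not in methods[:methods.index("none")]:
            findings.append(f"{name}: 'none' is not preceded by 'local'")
    return findings

SAMPLE = """aaa new-model
aaa authentication login default group radius none
aaa authentication login mgmt group radius local none
"""
```

Running audit(SAMPLE) reports only the default list, where an unreachable security server leads straight to unauthenticated access.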
Configuration Steps
Enabling AAA
Mandatory.
Run the aaa new-model command to enable AAA.
By default, AAA is disabled.
Defining a Method List of Login Authentication
Run the aaa authentication login command to configure a method list of login authentication.
This configuration is mandatory if you need to configure a login authentication method list (including the configuration of
the default method list).
By default, no method list of login authentication is configured.
Defining a Method List of Enable Authentication
Run the aaa authentication enable command to configure a method list of Enable authentication.