D-Link DGS-6604: CLI guide for AAA authentication on switches [41/1106]

DGS-6600 Series Switch CLI Reference Guide
aaa authentication
Use the no aaa authentication command to disable the login or enable method list
for the specified application, or for all applications (console, telnet, http, ssh,
etc.) if no application option is specified. Run this command only when the
specified application has been configured with a group; otherwise it has no
effect, because the default aaa authentication configuration is local.
To configure AAA authentication, you must first define a group of authentication
servers (with the aaa group server command). If a nonexistent group server is
referenced, an error is displayed. The group server defines the types of
authentication to be performed and the sequence in which they will be
performed.
A method list is a sequential list describing the authentication methods to be
queried in order to authenticate a user. Method lists enable you to designate one
or more security protocols to be used for authentication, thus ensuring a backup
system for authentication in case the initial method fails. The switch system uses the
first listed method to authenticate users. If that method fails to respond, the
switch system selects the next authentication method listed in the method list.
This process continues until there is successful communication with a listed
authentication method, or all methods defined in the method list are exhausted.
It is important to note that the switch system attempts authentication with the next
listed authentication method only when there is no response from the previous
method. If authentication fails at any point in this cycle, meaning that the security
server or local usernames database responds by denying the user access, the
authentication process stops and no other authentication methods are
attempted.
Local authentication uses locally configured login and enable passwords to
authenticate login attempts. The login and enable passwords are local to each
switch and are not mapped to the individual usernames. By default, local
authentication is used. Once you specify the authentication method list for the
login/enable on some application, the switch won't attempt local authentication
even if the specified authentication methods fail.
If the method list is empty, then local authentication will be used.
In order to make AAA authentication take effect, you have to create at least one
local user account for login and set up the enable password.
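
The fallback rules above can be modeled in a few lines. This is an added illustration, not code from the D-Link guide or firmware; the Reply values, the authenticate() helper and the constructed responder tables are assumptions standing in for real servers.

```python
from enum import Enum

class Reply(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    NO_RESPONSE = "no-response"   # server unreachable or timed out

def authenticate(method_list, responders):
    """Walk a method list as the text describes (hypothetical model).

    method_list: ordered method names, e.g. ["group2", "local"].
    responders:  name -> Reply, constructed stand-ins for real servers.
    Returns (granted, trace); trace lists the methods actually queried.
    """
    if not method_list:
        method_list = ["local"]       # empty list: local authentication is used
    trace = []
    for method in method_list:
        reply = responders.get(method, Reply.NO_RESPONSE)
        trace.append((method, reply.value))
        if reply is Reply.ACCEPT:
            return True, trace
        if reply is Reply.REJECT:
            return False, trace       # explicit denial stops the cycle
        # NO_RESPONSE: move on to the next listed method
    return False, trace               # list exhausted, no implicit local fallback

def scenarios():
    # Constructed sample states for the group2 server and the local database.
    accept = {"group2": Reply.ACCEPT, "local": Reply.ACCEPT}
    reject = {"group2": Reply.REJECT, "local": Reply.ACCEPT}
    down = {"group2": Reply.NO_RESPONSE, "local": Reply.ACCEPT}
    return {
        "server accepts": authenticate(["group2", "local"], accept),
        "server rejects": authenticate(["group2", "local"], reject),
        "server down": authenticate(["group2", "local"], down),
        "server down, local not listed": authenticate(["group2"], down),
        "empty list": authenticate([], down),
    }

if __name__ == "__main__":
    for name, (granted, trace) in scenarios().items():
        print(f"{name:32} granted={granted} queried={trace}")
```

In the "server down" case the local account is the only gate, so its password needs the same strength as the server-side credentials; leaving local out of the list means an unreachable server locks administrators out.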
Example
The following example sets a login method list for authenticating login attempts
from all of the applications (including console, telnet, ssh, http). The methods
start from group2.

Switch(config)# aaa authentication login group group2 local
Switch(config)#

Verify the settings by entering the show aaa command.
