Configure the Authentication Function in the AAA Domain
AAA provides a series of authentication methods to ensure the security of devices and network services. For example, authenticate user login to prevent illegal users from operating devices; authenticate users into privileged mode to restrict the using authorities of users for device; authenticate PPP session connections to restrict the setup of the illegal connections.
Configuration Condition
None
Configure the Authentication Method in the ISP Domain
AAA can authenticate a user when he tries to log into a specific ISP domain. Users who fail to authenticate cannot log into the specified ISP domain.
Table 11-3 Configure the authentication method list in the ISP domain
Step
|
Command
|
Description
|
Enter the global configuration mode
|
configure terminal
|
-
|
Enter the ISP domain view
|
domain isp-name
|
Mandatory
By default, the system has one ISP domain named system.
|
Configure the default authentication method in the ISP domain
|
aaa authentication default { none / local / radius-group group-name / tacacs-group group-name }
|
Optional
By default, the default authentication method in the ISP domain is local.
|
Configure the user login authentication method in the ISP domain
|
aaa authentication login { none / enable / local / radius-group group-name / tacacs-group group-name }
|
Optional
By default, do not configure the login authentication method, but adopt the default authentication method in the domain.
|
Configure the portal|dot1x authentication method in the ISP domain
|
aaa authentication {portal | dot1x}{ none / local /radius-group group-name / tacacs-group group-name }
|
Optional
By default, do not configure Portal, dot1x authentication method, but adopt the default authentication method in the domain.
|