D-Link DGS-6600-48TS Configuration Guide - Page 428
Authentication, Authorization and Accounting (AAA) Configuration, Overview, An Introduction
Volume 8-Security & Authentication / Chapter 39-Authentication, Authorization and Accounting (AAA) Configuration

Chapter Overview

The following topics are included in this chapter. Go to the topic for more detailed information:

• Chapter Overview
• An Introduction to AAA Configuration
• AAA Configuration Commands
• Configuring AAA Server Groups
• Configuring Authentication Method Lists
• Enabling Authorization from a Server
• List of Constants and Default Settings

An Introduction to AAA Configuration

The AAA module allows the administrator to define methods for authenticating users that attempt to access the system via a console, Telnet, SSH, or HTTP connection. To configure an authentication method, the user must first define a server group. A server group contains a list of server hosts, with each server being able to run its own protocol. The ordering of the server hosts in the group determines the precedence of the servers that will be used for authentication.

A method list is a sequential list of server groups that describes the authentication methods that will be queried in order to authenticate a user. Method lists enable the user to designate one or more of the server groups that will be used for authentication, which ensures that a backup system is available for authentication if the initial method fails.

The Switch system uses the first listed method to authenticate users. If that method fails to respond, the Switch system selects the next authentication method listed in the method list. This process continues until there is successful communication with a listed authentication method, or all the methods defined in the method list are exhausted. It is important to note that the Switch system will only attempt authentication with the next listed authentication method when there is no response from the previous method.
If authentication fails at any point in this cycle (meaning that the security server or local username database has responded by denying the user access), the authentication process will stop and no other authentication methods will be attempted.

Local authentication uses locally configured login and enable passwords to authenticate login attempts. The login and enable passwords are local to each switch and are not mapped to individual usernames. By default, local authentication is used. Once an authentication method list is specified for the login/enable password on some applications, the Switch will not attempt local authentication and even the specified authentication methods will fail. If the method list is empty, local authentication will be used.
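The fall-through rule described above, modelled in Python as an added example (not D-Link code and not switch CLI syntax). The server names, the Reply type and the authenticate function are hypothetical; the model assumes hosts within a group are tried in listed order and that an exhausted method list denies access without falling back to local authentication.

```python
from enum import Enum


class Reply(Enum):
    ACCEPT = "accept"
    REJECT = "reject"            # server answered and denied the user
    NO_RESPONSE = "no-response"  # timeout or unreachable server


def authenticate(method_list, query, local_check):
    """Walk a method list the way the text describes.

    method_list: ordered list of server groups, each an ordered list of
                 server names (hypothetical names).
    query(server) -> Reply for the user being authenticated.
    local_check() -> bool, the result of local password authentication.
    Returns (granted, trace); trace lists every source consulted.
    """
    if not method_list:
        # Empty method list: local authentication is used.
        return local_check(), ["local"]
    trace = []
    for group in method_list:
        for server in group:  # assumption: listed order is the precedence
            reply = query(server)
            trace.append((server, reply))
            if reply is Reply.ACCEPT:
                return True, trace
            if reply is Reply.REJECT:
                # A denial is final: later methods are never consulted.
                return False, trace
            # NO_RESPONSE is the only outcome that moves to the next method.
    # All methods exhausted without an answer. Assumption: denied, since a
    # configured method list means local authentication is not attempted.
    return False, trace


# Constructed scenario: the first host is down, the second denies the user,
# and a third host in a later group would have accepted.
REPLIES = {
    "radius-1": Reply.NO_RESPONSE,
    "radius-2": Reply.REJECT,
    "tacacs-1": Reply.ACCEPT,
}
METHODS = [["radius-1", "radius-2"], ["tacacs-1"]]


def demo():
    return authenticate(METHODS, REPLIES.__getitem__, lambda: True)


if __name__ == "__main__":
    print(demo())
```

In the constructed scenario the user is denied and tacacs-1 is never queried, which is why a backup group provides availability when a server is down but does not give a rejected login a second chance.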