3Com Router User Manual

Page 531

EXEC Configuration Example 527
■ An administrator user using the console port
■ An operator user using telnet
Configuring Administrator User Login Authentication from a Console Port
In this example, the user name is abc and the password is hello. The RADIUS server
first authenticates the user, and then local authentication is used when the former
authentication cannot be carried out normally. When logging in to the router
connected through the console port, only the user whose user name is abc and...

Page 532

528 CHAPTER 37: CONFIGURING TERMINAL ACCESS SECURITY

Page 533

38 CONFIGURING AAA AND RADIUS PROTOCOL
This chapter covers the following topics:
■ AAA Overview
■ RADIUS Overview
■ Configuring AAA and RADIUS
■ Displaying and Debugging AAA and RADIUS
■ AAA and RADIUS Configuration Examples
■ Troubleshooting AAA and RADIUS
AAA Overview
AAA implements the following network security services:
■ Authenticating user access rights
■ Authorizing users for certain types of services
■ Accounting for the network resources used by users
Network security refers mainly to access...

Page 534

530 CHAPTER 38: CONFIGURING AAA AND RADIUS PROTOCOL
responsible for receiving a user's request for connection, authenticating the user,
and returning the required information to the NAS.
The RADIUS server maintains three databases:
■ Users: stores user information, such as username, password, applied protocols, IP address
■ Clients: stores information about the RADIUS client, such as the shared key
■ Dictionary: explains the meaning of RADIUS protocol attributes
The following figure shows the three components...

Page 535

RADIUS Overview 531
Figure 166   Basic message interaction process of RADIUS
The basic operation is described as follows:
1 The user enters a username and password.
2 Having received the username and password, the RADIUS client sends an
authentication request packet (Access-Request) to the RADIUS server.
3 The RADIUS server authenticates the user information in the user database. If the
authentication succeeds, it sends the user's rights information in an authentication
response packet (Access-Accept) to...

Page 536

Figure 167   RADIUS packet structure
The Identifier field is used to match request packets and response packets. It
varies with the Attribute field and the valid received response packets, but remains
unchanged during retransmission. The Authenticator field (16 bytes) is used to
authenticate the request transmitted by the RADIUS server, and it can also be used
in the password-hiding algorithm. There are two kinds of Authenticator packets:
■ Request...

Page 537

Configuring AAA and RADIUS 533
Table 598   Attribute Fields
Attribute field 26 (Vendor-Specific) in the RADIUS protocol can be easily extended,
so that the user can define extension attributes.
Figure 168 shows the packet structure:
Figure 168   Fragment of the RADIUS packet that includes extension attribute
Configuring AAA and RADIUS
Configuring AAA and RADIUS includes tasks that are described in the following
sections:
■ Enabling and Disabling AAA
■ Configuring the Authentication Method List for...

Page 538

■ Assigning an IP Address for a PPP User
■ Configuring a Local User Database
■ Configure RADIUS Server
Enabling and Disabling AAA
Please perform the following configurations in the system view.
Table 599   Enable/Disable AAA
By default, AAA is disabled.
Configuring the Authentication Method List for Login Users
An authentication method list defines the authentication methods, including the
authentication types, which can be executed, and their...

Page 539

methods the subsequent methods can be used. If authentication fails again, the
authentication is terminated. The none method is meaningful only when it is the
last item of the method list. Note that only one login method list can be 
configured, which can use a different name from the previously configured list. 
The latest configured authentication method list replaces the former one. All the 
login services using AAA use this method list.
Five legal combinations of the methods...

Page 540

■ aaa authentication-scheme ppp default radius local
Different PPP authentication method lists can be configured for different 
interfaces.
Configuring the Local-First Authentication of AAA
When local-first authentication is configured, the user is authenticated locally first.
If local authentication fails, then the authentication method configured in the
method list is used instead. Once local-first authentication is configured, it is
applied to all...