Technical data

7-10 Dial Solutions Quick Configuration Guide
Configuring Authentication
3. Identify a List Name
A list name identifies each authentication list. You can choose either to use the keyword default,or
choose any other name that describes the authentication list. For example, you might give it the name
isdn-radius if you intend to apply it to interfaces configured for ISDN and RADIUS authentication.
The list name can be any alphanumeric string. Use default as the list name for most lines and
interfaces, and use different names on an exception basis.
You can create different authentication method lists and apply them to lines and interfaces
selectively. You can even create a named authentication method list that you do not apply to a line
or interface, but which you intend to apply at some later point, such as when you deploy a new login
method for users.
After you define a list name, you must identify additional security attributes (such as local
authentication versus TACACS+ or RADIUS).
In the following example, the default authentication method list for PPP dial-in clients uses the local
security database.
2511# configure terminal
2511(config)# aaa authentication ppp default
In the following example, the PPP authentication method list name is insecure.
2511# configure terminal
2511(config)# aaa authentication ppp insecure
In the following example, the ARA authentication method list name is callback (because
asynchronous callback is used on the access server).
2511# configure terminal
2511(config)# aaa authentication arap callback
In the following example, the login authentication method list name is deveng.
2511# configure terminal
2511(config)# aaa authentication login deveng
4. Specify the Authentication Method
After you identify a list name, you must specify an authentication method. An authentication method
identifies how users are authenticated. For example, will users be authenticated by a local security
database resident on the access server (local method)? Will they be authenticated by a remote
security database, such as by a TACACS+ or RADIUS daemon? Will guest access to an AppleTalk
network be permitted?
Authentication methods are defined with optional keywords in the aaa authentication command.
The available authentication methods for PPP are described in Table 7-4. The available
authentication methods for ARA are described in Table 7-5.
Table 7-4 PPP Authentication Methods
Authentication Methods for PPP Purpose
if-needed Authenticates only if not already authenticated. No
duplicate authentication.
krb5 Specifies Kerberos 5 authentication.
local Uses the local username database in the access server. This
is defined with the username global configuration
command.