User's guide

XSR Users Guide 317
Chapter 13 AAA Services
Configuring Security on the XSR
Deleting the only privilege-15 user with Telnet or SSH policy is
disallowed to prevent any accidental loss of access to the XSR.
There are two types of default AAA methods, as follows:
The default AAA method for the AAA service. This is set using the aaa method [local | pki | radius] default command. By default, the local method is the default AAA method for the AAA service.
The default AAA method for individual clients such as VPN, SSH, Firewall, and Telnet. This is set on a per-client basis via the client {telnet | ssh | firewall | vpn} sub-command under the aaa method command.
If the latter default is not specified for a client, the former default applies.
The method for performing AAA is configured with the top-level aaa method command, which is sub-divided into acct-port, address, attempts, auth-port, backup, client, enable, group, hash enable, key, qtimeout, retransmit, and timeout sub-commands. The default method for AAA service is local, but if you wish, you can authenticate to a RADIUS server or PKI database instead. Most of the AAA method sub-commands are available for RADIUS service only (refer to “Firewall Configuration for RADIUS Authentication and Accounting” on page 352 for details).
The AAA method sub-command client sets the default AAA method for any of these client services: VPN, Telnet, Firewall or SSH. If you do not invoke this command, the AAA service’s default method (set by aaa method [local | pki | radius] default) will apply. For example, if the default method has not been set for Telnet using the client telnet sub-command under aaa method, then the default method for AAA service will be used.
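
The fallback rule above can be checked offline against a saved configuration. The following is an added example, not code from the XSR or its documentation: it reports the effective AAA method for each client service. It assumes a simplified configuration text that uses only the command forms shown on this page, with sub-commands indented under their parent command; the sample configuration is constructed.

```python
import re

CLIENTS = ("telnet", "ssh", "firewall", "vpn")
METHOD_RE = re.compile(r"^aaa method (local|pki|radius)( default)?$")
CLIENT_RE = re.compile(r"^client (\w+)$")

def effective_methods(config_text):
    """Return {client: (method, source)} for every AAA client service."""
    service_default = "local"   # per the guide: local applies when none is set
    per_client = {}
    current = None              # method block the parser is currently inside
    for raw in config_text.splitlines():
        line = raw.strip()
        m = METHOD_RE.match(line)
        if m:
            current = m.group(1)
            if m.group(2):      # assumption: the last "default" statement wins
                service_default = current
            continue
        c = CLIENT_RE.match(line)
        if c:
            if current is None:
                raise ValueError(f"client outside an aaa method block: {line!r}")
            if c.group(1) not in CLIENTS:
                raise ValueError(f"unknown client service: {c.group(1)!r}")
            per_client[c.group(1)] = current
            continue
        if line and not raw.startswith(" "):
            current = None      # any other top-level command ends the block
    return {
        svc: (per_client[svc], "client default") if svc in per_client
             else (service_default, "service default")
        for svc in CLIENTS
    }

# Constructed sample; the layout is an assumption, not real XSR output.
SAMPLE = """\
aaa method radius
 acct-port 1813
 client vpn
 client ssh
aaa method local default
aaa user admin
 privilege 15
"""

if __name__ == "__main__":
    for svc, (method, source) in effective_methods(SAMPLE).items():
        print(f"{svc:8} {method:7} ({source})")
```

In the sample, VPN and SSH resolve to radius through their client settings, while Telnet and Firewall fall back to the service default, local.
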
Additional AAA method sub-commands acct-port and auth-port set UDP ports for accounting and authentication requests, respectively.
AAA users can be added to AAA service with the top-level aaa user command, which is sub-divided into group, ip address, password, privilege, and policy sub-commands that set those users’ respective attributes.