Specifications

Administrative AAA Configuration Scenarios

3-12 Configuring AAA for Administrative and Local Access

NatashaalsoaddstheRADIUSserver(r1)totheRADIUSservergroupsg1,andconfiguresTelnet

administrativeusersforauthenticationthroughthegroup.Shetypesthefollowingcommandsin

thisorder:

RBT-8100#RBT-8100# set server group sg1 members r1

success: change accepted.

RBT-8100# set authentication admin * sg1

success: change accepted.

RBT-8100# save config

success: configuration saved.

Local Override and Backup Local Authentication

Thisscenarioillustrateshowtoenablelocaloverrideauthenticationforconsoleusers.Local

overridemeansthatMSSattemptsauthenticationfirstviathelocaldatabase.Ifitfindsnomatch

fortheuserinthelocaldatabase,MSSthentries aRADIUSserver—inthiscase,serverr1inserver

groupsg1.

Example

Natashatypesthefollowingcomm andsinthisorder:

RBT-8100# set user natasha password m@Jor

User natasha created

RBT-8100# set radius server r1 address 192.168.253.1 key sunFLOW#$

success: change accepted.

RBT-8100# set server group sg1 members r1

success: change accepted.

RBT-8100# set authentication console * local sg1

success: change accepted.

RBT-8100# save config

success: configuration saved.

NatashaalsoenablesbackupRADIUSauthentication forTelnetadministrativeusers.Ifthe

RADIUSserverdoesnotrespond,theuserisauthenticatedbythelocaldatabaseinthe

RoamAboutSwitch.Natashatypesthefollowingcommands:

RBT-8100# set authentication admin * sg1 local

success: change accepted.

RBT-8100# save config

success: configuration saved.

TheorderinwhichNatashaentersauthenticationmethodsinthesetauthenticationcommand

determinesthemethodMSSattemptsfirst.Thelocaldatabaseisthefirstmethodattemptedfor 

consoleusersandthelastmethodattemptedforTelnetadministrators.