Patton electronic SmartNode 4110 Series ユーザーズマニュアル
The AAA component
105
SmartWare Software Configuration Guide
8 • RADIUS Client Configuration
3. Query the local database (see
how to configure the local database)
If, e.g. radius_deepblue is not available, radius_extern will be queried after a timeout. But if radius_deepblue
gives an answer that rejects the login request, the remaining methods are not used and the login is denied. The
same applies to the console service, which uses the profile console-login. This profile uses the following sequence
of methods:
gives an answer that rejects the login request, the remaining methods are not used and the login is denied. The
same applies to the console service, which uses the profile console-login. This profile uses the following sequence
of methods:
1. Ask radius server radius_deepblue.
2. Ask predefined method none. This method always grants access as system operator.
If radius_deepblue is not available, access will be granted by the method none. If radius_deepblue rejects the
login request, console access is denied. If radius_deepblue confirms the request, console access is granted.
login request, console access is denied. If radius_deepblue confirms the request, console access is granted.
Do the following to configure the AAA component.
Mode: Configure
Example: Create the AAA profiles for login over Telnet and login over console, as they are shown in
and use them on the Telnet login and console login services.
node>enable
node#configure
node(cfg)#profile authentication remote-radius
node(pf-auth)[remote-~]#method radius radius_deepblue
node(pf-auth)[remote-~]#method radius radius_extern
node(pf-auth)[remote-~]#method local
node(pf-auth)[remote-~]#server-timeout 15
node#configure
node(cfg)#profile authentication remote-radius
node(pf-auth)[remote-~]#method radius radius_deepblue
node(pf-auth)[remote-~]#method radius radius_extern
node(pf-auth)[remote-~]#method local
node(pf-auth)[remote-~]#server-timeout 15
Step
Command
Purpose
1
node(cfg)#profile authentication name
Creates an authentication profile with name
name and enters profile authentication configura-
tion mode.
name and enters profile authentication configura-
tion mode.
2
node(pf-auth)[name]#method [index]
{local | none | {radius name}}
{local | none | {radius name}}
Adds an AAA method to the profile. For RADIUS
you have to specify a name. For information on
how to configure local accounts and RADIUS
servers, refer to chapter 9,
you have to specify a name. For information on
how to configure local accounts and RADIUS
servers, refer to chapter 9,
on page 114. With index you can add a method
between to others.
between to others.
3
Repeat step 2 for all AAA methods you want to
add
add
4
node(pf-auth)[name]#server-timeout
seconds
seconds
Sets the timeout after that the next AAA method
in the list is requested if no answer is received.
in the list is requested if no answer is received.
5
node(pf-auth)[name]#exit
Goes back to the parent configuration mode
6
node(cfg)#terminal Telnet use
authentication profile-name
authentication profile-name
Specifies which AAA profile the Telnet login service
has to use.
has to use.
7
node(cfg)#terminal console use
authentication profile-name
authentication profile-name
Specifies which AAA profile the console login
service has to use.
service has to use.
8
node(cfg)#show profile authentication
[name]
[name]
Displays the configured profiles