Installation Instructions for 3com S7906E

 
The authentication method specified with the authentication default command is for all types of 
users and has a priority lower than that for a specific access mode. 
With an authentication method that references a RADIUS scheme, AAA accepts only the 
authentication result from the RADIUS server. The Access-Accept message from the RADIUS 
server does include the authorization information, but the authentication process ignores the 
information. 
With the radius-scheme radius-scheme-name local or hwtacacs-scheme 
hwtacacs-scheme-name local keyword and argument combination configured, local 
authentication is the backup method and is used only when the remote server is not available. 
If the primary authentication method is local or none, the system performs local authentication or 
does not perform any authentication, and will not use any RADIUS or HWTACACS authentication 
scheme. 
If the method for level switching authentication references an HWTACACS scheme, the system 
uses the login username of a user for level switching authentication of the user by default. If the 
method for level switching authentication references a RADIUS scheme, the system uses the 
username configured for the corresponding privilege level on the RADIUS server for level switching 
authentication, rather than the original username, namely the login username or the username 
entered by the user. A username configured on the RADIUS server is in the format of $enab+level, 
where level specifies the privilege level to which the user wants to switch. For example, if user 
user1 of domain aaa wants to switch the privilege level to 3, the system uses $enab3@aaa for 
authentication when the domain name is required and uses $enab3 for authentication when the 
domain name is not required.  
 
Configuring AAA Authorization Methods for an ISP Domain 
In AAA, authorization is a separate process at the same level as authentication and accounting. Its 
responsibility is to send authorization requests to the specified authorization server and to send 
authorization information to users. Authorization method configuration is optional in AAA configuration. 
AAA supports the following authorization methods: 
No authorization (none): No authorization exchange is performed. Every user is trusted and has 
the corresponding default rights of the system. 
Local authorization (local): Users are authorized by the access device according to the attributes 
configured for them. 
Remote authorization (scheme): The access device cooperates with a RADIUS or HWTACACS 
server to authorize users. RADIUS authorization is bound with RADIUS authentication. RADIUS 
authorization can work only after RADIUS authentication is successful, and the authorization 
information is carried in the Access-Accept message. HWTACACS authorization is separate from 
HWTACACS authentication, and the authorization information is carried in the authorization 
response after successful authentication. You can configure local authorization or no authorization 
as the backup method to be used when the remote server is not available. 
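The following audit sketch is an added example, not code from the manual or the vendor. It applies the rules stated on this page to a domain's method lines: an access-mode method outranks the default one, none disables the check, and RADIUS authorization depends on RADIUS authentication. The login access-mode keyword, the scheme names rs1 and hw1, and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample of one ISP domain's AAA lines (not from a real device).
SAMPLE = """\
domain aaa
 authentication default radius-scheme rs1 local
 authentication login hwtacacs-scheme hw1 local
 authorization default radius-scheme rs1 local
"""
REMOTE = ("radius-scheme", "hwtacacs-scheme")
LINE = re.compile(r"^\s*(authentication|authorization)\s+(\S+)\s+(\S.*)$")

def parse_methods(text):
    """Map (service, access_mode) -> (primary, backup) for each method line."""
    methods = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        tok = m.group(3).split()
        # Remote form: <kind> <scheme-name> [backup]; otherwise local or none.
        backup = tok[2] if tok[0] in REMOTE and len(tok) > 2 else None
        methods[(m.group(1), m.group(2))] = (tok[0], backup)
    return methods

def effective(methods, service, mode):
    """A method set for the access mode outranks the 'default' one."""
    hit = methods.get((service, mode)) or methods.get((service, "default"))
    # The page states local as the default only for authorization.
    return hit or (("local", None) if service == "authorization" else None)

def audit(text, mode="login"):
    """Return findings for one access mode (assumed keyword: login)."""
    methods = parse_methods(text)
    authn = effective(methods, "authentication", mode)
    authz = effective(methods, "authorization", mode)
    findings = []
    for service, eff in (("authentication", authn), ("authorization", authz)):
        if eff and eff[0] == "none":
            findings.append(f"{service} is none for {mode} users")
        elif eff and eff[1] == "none":
            findings.append(f"{service} falls back to none if the server is down")
    # RADIUS authorization data arrives only in the Access-Accept of a
    # successful RADIUS authentication.
    if authz[0] == "radius-scheme" and (authn is None or authn[0] != "radius-scheme"):
        findings.append("RADIUS authorization without RADIUS authentication")
    return findings
```

In the sample, the login-specific HWTACACS authentication line overrides the RADIUS default, so the inherited RADIUS authorization method has no Access-Accept to read from and is reported.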
By default, an ISP domain uses the local authorization method. If the no authorization method (none) is 
configured, the users are not required to be authorized, in which case an authenticated user has the 
default right. The default right is visiting (the lowest one) for EXEC users (that is, console users who use