AAA configuration considerations and task list
To configure AAA, you must complete these tasks on the NAS:
Configure the required AAA schemes.
Local authentication—Configure local users and the related attributes, including the usernames and passwords of the users to be authenticated.
Remote authentication—Configure the required RADIUS and HWTACACS schemes. You must configure user attributes on the servers accordingly.
Authentication method—No authentication (none), local authentication (local), or remote authentication (scheme)
Authorization method—No authorization (none), local authorization (local), or remote authorization (scheme)
Accounting method—No accounting (none), local accounting (local), or remote accounting (scheme)
Configure AAA methods for the users' ISP domains.
Authentication method—No authentication (none), local authentication (local), or remote authentication (scheme)
Authorization method—No authorization (none), local authorization (local), or remote authorization (scheme)
Accounting method—No accounting (none), local accounting (local), or remote accounting (scheme)
Figure 9: AAA configuration diagram
Table 4: AAA configuration task list
Task | Remarks | |
|---|---|---|
Required. Complete at least one task. | ||
Required. | ||
Optional. | ||
Required. Complete at least one task. | ||
Optional. | ||
Optional. | ||
Optional. | ||
![[NOTE: ]](images/note.png) | NOTE: To use AAA methods to control access of login users, you must configure the user interfaces to use AAA by using the authentication-mode command. For more information about the configuration command, see Fundamentals Command Reference. | |