How to configure AAA Login local authentication and radius authentication?
1. Networking requirementsConfigure the AAA list to be invoked during telnet and SSH login.
2. Topology
data/attachment/forum/202301/30/154338z2arqqkq6bzcqrmr.png
3. Key points
1. Switch can be connected through telnet and SSH.
2. Configure AAA local authentication.
3. Configure AAA radius authentication.
4. Configuration step:
(1) AAA local authentication
Ruijie>enable
Ruijie#config terminal
Ruijie(config)#username admin1 password admin1 ----->configure local username and password
Ruijie(config)#username admin2 password admin2
Ruijie(config)#aaa new-model ------>enable AAA function
Ruijie(config)#aaa authentication login default local ------>apply username and password from local switch
Ruijie(config)#line vty 0 4
Ruijie(config-line)#login authentication default ------>apply login auth in vty mode
Ruijie(config-line)#exit
Ruijie(config)#line console 0 ------> You are advised to use telnet or SSH to verify the line vty configuration successfully first, then configure line console
Ruijie(config-line)#login authentication default ------>apply login auth in console mode
Ruijie(config-line)#exit
Ruijie(config)#exit
Ruijie#write
(2) AAA radius authentication
Ruijie>enable
Ruijie#config terminal
Ruijie(config)#aaa new-model ------>enable AAA function
Ruijie(config)#aaa authentication login ruijie-1
group radius local none ------>If a radius server is available, you can set the account password for apply the radius service and configure the radius server and key.
//(Not necessary)
Ruijie(config)#aaa authentication login ruijie-1group radius local -----> If you log in using your local user name and password after radius authentication fails
//(Not necessary)
Ruijie(config)#aaa authentication login ruijie-1group radius local none----->If you log in using the local user name and password after the radius authentication fails, noauthentication is required after the local login fails
Ruijie(config)#radius-server host 192.168.100.1 keyruijie ------>The radius address and key can be changed as required, and ensure that the switchcan properly communicate with the server
Ruijie(config)#line vty 0 4
Ruijie(config-line)#login authentication ruijie-2------>apply login auth in vty mode, call ruijie-1 list
Ruijie(config-line)#exit
Ruijie(config)#line console 0 ------>You are advised to use telnet or SSH to verify the linevty configuration successfully first, then configure line console
Ruijie(config-line)#login authentication ruijie-2------>apply login auth in console mode, call ruijie-2 list
Ruijie(config-line)#exit
Ruijie(config)#username admin1 password admin1 ----->configure local username and password
Ruijie(config)#username admin2 password admin2
Ruijie(config)#exit
Ruijie#write
5. Result Verification
telnet login:
data/attachment/forum/202301/30/154417o5w7ajak7hwaatz9.png
Username and password login:
data/attachment/forum/202301/30/154435xdfddd1oedgzwoez.png
Pages:
[1]