Note:
•
server priority priority_number
: Must be an integer from 1 to 3 (
releases prior to 18.2
) or 1 through
4 (
releases 18.2+
), that specifies the order in which this server will be tried for
authentication. 1 is the highest priority, and 3 or 4 is the lowest. The priority number corresponds to a
configured server.
•
ip-address
: Must be the IPv4 address of a valid server that will be used for authenticating
administrative users accessing this system via AAA services.
•
By default, the configuration will provide authentication, authorization, and accounting
services.
Enable on the ASR 5x00:
configure
aaa
end
Save the configuration as described in the
Verifying and Saving Your Configuration
chapter.
For complete information on all Configuration Mode commands and options, refer to the
TACACS Configuration Mode Commands
chapter of the
Command Line Reference
.
Important
Configuring for Non-local VPN Authentication
By default authentication is associated with login to the local context. authentication
can also be configured for non-local context VPN logins. must configured and enabled with the
option described below.
A
stop
keyword option is available for the Configuration mode
on-unknown-user
command. If
is enabled with the command-keyword option, the VPN context name into which the user is
attempting a login must match the VPN name specified in the username string. If the context name does not
match, the login fails and exits out.
Without this option the login sequence will attempt to authenticate in another context via an alternative login
method. For example, without the
on-unknown-user stop
configuration, an admin account could log into
the local context via the non-local VPN context. However, with the
on-unknown-user stop
configuration,
the local context login would not be attempted and the admin account login authentication would fail.
configure
tacacs mode
on-unkown-user stop ?
end
Verifying the Configuration
This section describes how to verify the configuration:
Log out of the system CLI, then log back in using services.
ASR 5000 System Administration Guide, StarOS Release 21.1
57
System Settings
Configuring for Non-local VPN Authentication
Summary of Contents for ASR 5000
Page 26: ...ASR 5000 System Administration Guide StarOS Release 21 1 xxvi Contents ...
Page 316: ...ASR 5000 System Administration Guide StarOS Release 21 1 288 VLANs VLAN Related CLI Commands ...
Page 400: ...ASR 5000 System Administration Guide StarOS Release 21 1 372 Engineering Rules ECMP Groups ...