57
# You can achieve the same result by configuring default AAA methods for all types of users in domain
bbb
.
[Router] domain bbb
[Router-isp-bbb] authentication default hwtacacs-scheme hwtac
[Router-isp-bbb] authorization default hwtacacs-scheme hwtac
[Router-isp-bbb] accounting default hwtacacs-scheme hwtac
[Router-isp-bbb] ip pool 1 200.1.1.1 200.1.1.99
[Router-isp-bbb] quit
# Configure the serial interface.
[Router] interface serial 2/0/1
[Router-Serial2/0/1] link-protocol ppp
[Router-Serial2/0/1] ppp authentication-mode pap domain bbb
[Router-Serial2/0/1] ip address 2.2.2.1 255.255.255.0
[Router-Serial2/0/1] remote address pool 1
[Router-Serial2/0/1] quit
# Configure the Ethernet interface.
[Router] interface gigabitethernet 1/0/1
[Router-Gigabitethernet 1/0/1] ip address 10.1.1.2 255.255.255.0
3.
Verify the configuration.
Initiate a PPP connection from the PPP client, and enter the correct username and password. You pass
authentication, and the PPP client can use the IP address assigned by the router to access the network.
Use
display connection
on the router to view information about the connection.
Level switching authentication for Telnet users by a RADIUS
server
The RADIUS server in this example runs ACSv4.0.
Network requirements
As shown in
, a Telnet user is connected to the router, and the router is connected to the
RADIUS server. Complete the following tasks:
•
Configure the router to use local authentication for the Telnet user and assign the privilege level of
0 for the user to use after login.
•
Configure the router to use the RADIUS server and, if RADIUS authentication is not available, use
local authentication instead for level switching authentication of the Telnet user.