61
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring AAA for Administrative and Local Access
DWS-1008#
save config
success: configuration saved.
Local Override and Backup Local Authentication
This scenario illustrates how to enable local override authentication for console users. Local
override means that MSS attempts authentication first via the local database. If it finds no
match for the user in the local database, MSS then tries a RADIUS server - in this case,
server
r1
in server group
sg1
. Natasha types the following commands in this order:
DWS-1008#
set user natasha password m@Jor
User natasha created
DWS-1008#
set radius server r1 address 192.168.253.1 key sunFLOW#$
success: change accepted.
DWS-1008#
set server group sg1 members r1
success: change accepted.
DWS-1008#
set authentication console * local sg1
success: change accepted.
DWS-1008#
save config
success: configuration saved.
Natasha also enables backup RADIUS authentication for Telnet administrative users. If the
RADIUS server does not respond, the user is authenticated by the local database in the
DWS-1008 switch. Natasha types the following commands:
DWS-1008#
set authentication admin * sg1 local
success: change accepted.
DWS-1008#
save config
success: configuration saved.
The order in which Natasha enters authentication methods in the
set authentication
command determines the method MSS attempts first. The local database is the first method
attempted for console users and the last method attempted for Telnet administrators.
Authentication When RADIUS Servers Do Not Respond
This scenario illustrates how to enable RADIUS authentication for both console and