R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
137
• Remote authentication (scheme)—The LB module cooperates with a RADIUS server to authenticate
users. Remote authentication provides centralized information management, high capacity, high
reliability, and support for centralized authentication service for multiple NASs. You can configure
local or no authentication as the backup method, which will be used when the remote server is not
available. No authentication can only be configured for LAN users as the backup method of remote
authentication.
You can configure AAA authentication to work alone without authorization and accounting. By default,
an ISP domain uses the local authentication method.
Before configuring authentication methods, complete the following tasks:
• For RADIUS authentication, configure the RADIUS scheme to be referenced first. The local and none
authentication methods do not require a scheme.
• Determine the access mode or service type to be configured. With AAA, you can configure an
authentication method specifically for each access mode and service type, limiting the
authentication protocols that can be used for access.
• Determine whether to configure an authentication method for all access modes or service types.
Follow these steps to configure AAA authentication methods for an ISP domain:
To do… Use the command…
Remarks
Enter system view system-view —
Enter ISP domain view domain isp-name —
Specify the default authentication
method for all types of users
authentication default { local |
none | radius-scheme
radius-scheme-name [ local ] }
Optional
local by default
Specify the authentication method
for login users
authentication login { local | none
| radius-scheme
radius-scheme-name [ local ] }
Optional
The default authentication method
is used by default.
Specify the authentication method
for privilege level switching
authentication super
{ radius-scheme
radius-scheme-name }
Optional
The default authentication method
is used by default.