R2511-HP MSR Router Series Security Configuration Guide(V5)
15
• X.25 PAD users
• Portal users—Users who must pass portal authentication to access the network.
• PPP users—Users who access through PPP.
• VoIP users—Users who use the VoIP service.
• SSL VPN users—Users who access through SSL VPN.
In addition, AAA provides the following services for login users to enhance device security:
• Command authorization—Enables the NAS to defer to the authorization server to determine
whether a command entered by a login user is permitted, and allows login users to execute only
authorized commands. For more information about command authorization, see Fundamentals
Configuration Guide.
• Command accounting—Allows the accounting server to record all commands executed on the
device or all authorized commands successfully executed. For more information about command
accounting, see Fundamentals Configuration Guide.
• Level switching authentication—Allows the authentication server to authenticate users who perform
privilege level switching. As long as passing level switching authentication, users can switch their
user privilege levels, without logging out and disconnecting current connections. For more
information about user privilege level switching, see Fundamentals Configuration Guide.
You can configure different AAA methods for different types of users in a domain. See "Configuring AAA
meth
ods for ISP domains."
RADIUS server feature of the router
The following matrix shows the feature and router compatibility:
Feature MSR900 MSR93X MSR20-1X MSR20 MSR30 MSR50 MSR1000
RADIUS
server
No No Yes Yes Yes No Yes
Typically, the RADIUS server runs on a computer or workstation, and the RADIUS client runs on a NAS.
You can also use the device as a RADIUS server, as shown in Figure 8. T
his deployment is typically used
for a cluster, where you can configure the cluster management device as a RADIUS server to cooperate
with access-layer cluster member devices to provide authentication and authorization.