Router User Manual
Nortel Secure Router 8000 Series
Troubleshooting - VAS 1 AAA troubleshooting
Issue 01.01 (30 March 2009) Nortel Networks Inc. 1-5
z
non-authentication
z
RADIUS authentication
z
HWTACACS authentication
AAA also allows a random combination of the four modes.
Configure the authentication mode in the authentication scheme view. By default, local
authentication is used. Use non-authentication mode only as a last option.
The authentication-mode radius local command uses the RADIUS authentication mode first.
If that fails, it uses the local authentication mode.
Authorization schemes and modes
AAA supports four authorization modes:
z
local authorization
z
direct authorization
z
if-authenticated authorization
z
HWTACACS authorization
AAA also allows a random combination of the four modes.
The authorization-mode hwtacacs local command indicates to use the HWTACACS
authorization mode first. When that fails, it uses the local authorization mode.
In a combination containing the direct authentication mode, direct authentication should be
last, such as authorization-mode hwtacacs local none.
By default, use the local authentication mode. RADIUS performs authentication together with
authorization. RADIUS authorization does not exist.
Accounting schemes and modes
AAA supports six accounting modes:
z
local accounting
z
non-accounting
z
RADIUS accounting
z
HWTACACS accounting
z
combination of RADIUS and local accounting
z
combination of HWTACACS and local accounting
By default, the non-accounting mode is used.
Configure the hot billing interval in the accounting scheme. By default, the interval is 5
minutes.
1.1.4 Server templates
RADIUS server template
The RADIUS server template describes details of the RADIUS server. On the RADIUS server
template, you can configure authentication and accounting servers or backup authentication
and accounting servers as required.