AAA configuration considerations and task list

To configure AAA, complete the following tasks on the NAS:

  1. Configure the required AAA schemes:

    • Local authentication—Configure local users and the related attributes, including the usernames and passwords, for the users to be authenticated.

    • Remote authentication—Configure the required RADIUS, HWTACACS, and LDAP schemes.

  2. Configure AAA methods for the users' ISP domains. Remote AAA methods need to use the configured RADIUS, HWTACACS, and LDAP schemes.

Figure 11: AAA configuration procedure

To configure AAA, perform the following tasks:

Tasks at a glance

(Required.) Perform a minimum one of the following tasks to configure local users or AAA schemes:

(Required.) Configure AAA methods for ISP domains:

  1. (Required.) Creating an ISP domain

  2. (Optional.) Configuring ISP domain attributes

  3. (Required.) Perform a minimum one of the following tasks to configure AAA authentication, authorization, and accounting methods for the ISP domain:

(Optional.) Configuring the RADIUS session-control feature

(Optional.) Configuring the RADIUS DAS feature

(Optional.) Changing the DSCP priority for RADIUS packets

(Optional.) Configuring the RADIUS attribute translation feature

(Optional.) Setting the maximum number of concurrent login users

(Optional.) Configuring a NAS-ID profile

(Optional.) Configuring the device ID

(Optional.) Configuring the RADIUS server feature