Create Users for AAA and Remote Authentication Server

To create users for AAA and the remote authentication server:

1.   Log in to the GigaVUE node as the administrator, externally authenticated.
2. Create a local role, for example, netops.
3. Create a local user, for example, networker.
4. Login to your authentication server as the administrator.
5. Create a user with the same name, for example, networker,
6. Create a role with the same name, for example, netops.
7. Either change the authorization rule or add a new rule for the netops group. Be careful not to lockout any users not in this group.

To display or create this configuration, select Settings > Authentication > AAA. The example configuration is shown in the following figure.

The settings in the example configuration are as follows:

■   AAA authorization:
o   Map Order: Remote Only means the user has a local account matching the external username account.
o   Map Default User: networker is a common user member of internal netops role and TACACS+ netops group.
■   Authentication method(s):
o   Tacacs means that TACACS+ is the only authentication method.

Configure AAA Authorization

For details on the AAA authorization command, refer to Overview of the AAA Page.

1 How the map order Argument Works

Example

The following steps demonstrate how to set up authentication using RADIUS with a fallback to local if no RADIUS server is available. Select Settings > Authentication > AAA.

8. On the AAA page, do the following:

Use RADIUS authentication first, followed by local authentication.

o   Set First Priority to Radius.
o   Set Second Priority to Local.

If the external user also exists in the local database, use the specified local account. Otherwise, use the account specified by Map Default User.

If the external user does not exist in the local database, use the admin account instead. This is only done if Map Order is set to Remote First or Local.

o   Set Map Order to Remote First.
o   Set Map Default User to admin.

Click Save to save the configuration.

9. Add a RADIUS Server.

These steps add a RADIUS server at IPv4 address 192.168.0.62 to the GigaVUE HC Series node’s list.

a. Select Settings > Authentication > Radius.
b. Click Add. The Add Radius Server page displays.
c. For Enabled select Yes.
d. In the Server IP field, enter 192.168.0.62
e. In the Key field, enter gigamon.
f. Click Save.
10. Allow the RADIUS server to include additional roles for a remotely authenticated user in the response. Refer to Grant Roles with External Authentication Servers.