AAA Commands, Configuring AAA – Enterasys Networks Security Router X-Pedition™ User Manual


VPN Configuration Overview

14-26 Configuring the Virtual Private Network

AAA Commands

The XSR AAA commands useful for VPN configuration include the following:

- Configure users and groups with aaa user and aaa group commands as well as the following sub-commands:
  - policy specifies SSH, Telnet, Firewall or VPN service for users
  - dns-server and wins server configure the IP addresses of primary and secondary DNS and WINS servers to distribute to remote access users and connecting XSRs.
  - ip pool associates a globally defined IP address pool (set with ip local pool) with a user group. When a remote access user or XSR connects, an IP address is distributed from this pool. Be aware that if an AAA user is configured to use a static IP address which belongs to a local IP pool, you must exclude that address from the local pool.
  - pptp encrypt mppe configures Microsoft Point-to-Point Encryption on a PPTP link.
  - ip address and group set the IP address and usergroup assigned to the remote user.

- Configure RADIUS, local or PKI databases with the aaa method command as well as the following sub-commands:
  - acct-port sets the UDP port for accounting requests.
  - address specifies the RADIUS server address with either a host name or IP address.
  - attempts sets the total of consecutive, unanswered login attempts that must transpire before the RADIUS method’s backup method is used.
  - auth-port specifies the UDP port for authentication requests.
  - enable activates the method.
  - group specifies the default usergroup.
  - hash enable initializes the hash algorithm used for RADIUS.
  - key sets the shared secret used between the XSR and RADIUS server.
  - retransmit specifies the number of RADIUS server retransmissions sent to a server before timing out.
  - timeout sets the interval the XSR waits for the RADIUS server to reply before retransmitting.
  - backup sets the name for the backup RADIUS method.

- Configure pre-shared keys with aaa user and password
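
The ip pool caveat above (a static AAA user address that belongs to a local IP pool must be excluded from that pool) can be audited offline before a configuration is pushed. The following Python check is an added example, not part of the Enterasys manual; the pool and user records are constructed sample data rather than XSR configuration syntax, and find_pool_conflicts is a hypothetical helper name.

```python
import ipaddress

# Constructed sample data (not XSR syntax): each pool is its network plus the
# addresses already excluded from it; each AAA user has an optional static IP.
POOLS = {
    "vpn-pool": {"network": "10.120.70.0/24", "excluded": ["10.120.70.1"]},
    "branch-pool": {"network": "10.120.80.0/28", "excluded": []},
}
USERS = [
    {"name": "alice", "static_ip": "10.120.70.1"},   # inside pool, already excluded
    {"name": "bob", "static_ip": "10.120.70.25"},    # inside pool, NOT excluded
    {"name": "carol", "static_ip": "192.168.5.9"},   # outside every pool
    {"name": "dave", "static_ip": None},             # takes a dynamic pool address
]


def find_pool_conflicts(pools, users):
    """Return (user, ip, pool) tuples where a static IP could still be
    distributed from a local pool because it has not been excluded."""
    parsed = {
        name: (ipaddress.ip_network(p["network"]),
               {ipaddress.ip_address(a) for a in p["excluded"]})
        for name, p in pools.items()
    }
    conflicts = []
    for user in users:
        if not user.get("static_ip"):
            continue  # no static address configured, nothing to exclude
        ip = ipaddress.ip_address(user["static_ip"])
        # Check every pool, since the address may fall in a pool that is
        # not the one bound to the user's own group.
        for name, (net, excluded) in parsed.items():
            if ip in net and ip not in excluded:
                conflicts.append((user["name"], str(ip), name))
    return conflicts


if __name__ == "__main__":
    for user, ip, pool in find_pool_conflicts(POOLS, USERS):
        print(f"{user}: static address {ip} must be excluded from {pool}")
```

Each reported tuple is an address that a connecting remote user or XSR could be handed while it is also assigned statically, producing a duplicate address on the tunnel network.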

Configuring AAA

Pre-shared keys used in a Peer-to-Peer tunnel are configured using the aaa user command:

- The Username is the IP address of a peer
- The Password is the pre-shared key

To specify a user and password, enter the following commands:

XSR(config)#aaa user <xxx.xxx.xxx.xxx>

Caution: We recommend that you do not create more AAA users than permitted by the 1.5 MByte
system limit imposed on the user.dat file. Doing so may render the XSR unstable and require
you to delete the file.
