Authentication
This scenario shows how to set up AAA authentication for login/Telnet using different AAA methods.
Local Method
Description
An AAA list with the local AAA method is created and assigned to the login system’s authentication. The device then starts a Telnet session with itself to check that access is granted when the correct username and password are used.
Scenario
Step 1: Set the following configuration in DUT0 :
set service telnet set system aaa list list1 method 1 local set system login aaa authentication list1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Init a Telnet connection from DUT0 to IP address 127.0.0.1 :
admin@DUT0$ telnet 127.0.0.1Show output
Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. Linux 6.1.119 (osdx) (pts/1) osdx login: Password: Last login: Fri Jan 10 14:40:48 UTC 2025 on ttyS0 Welcome to Teldat OSDx v4.2.2.1 This system includes free software. Contact Teldat for licenses information and source code. admin@osdx$
Radius Method
Description
A RADIUS server is added to a RADIUS group, which is added to an AAA list. This list is assigned to the login system’s authentication. The device then starts a Telnet session with itself to check that access is granted when the correct username and password are used.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service telnet set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX18aTLSqxL+yKAaCNOXzNzUHGn1vXnGh+owep9EEvSDQ7PRwCatnHgvLGd4c/4sQx5RsUL557MHxHg== set system login aaa authentication list1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.172 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.172/0.172/0.172/0.000 ms
Step 3: Init a Telnet connection from DUT0 to IP address 127.0.0.1 :
admin@DUT0$ telnet 127.0.0.1Show output
Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. Linux 6.1.119 (osdx) (pts/1) osdx login: Password: Welcome to Teldat OSDx v4.2.2.1 This system includes free software. Contact Teldat for licenses information and source code. testing@osdx$
Tacacs Method
Description
A TACACS+ server is added to a TACACS+ group, which is added to an AAA list. This list is assigned to the login system’s authentication. The device then starts a Telnet session with itself to check that access is granted when the correct username and password are used.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service telnet set system aaa group tacacs tacgroup1 server serv1 set system aaa list list1 method 1 group tacacs tacgroup1 set system aaa server tacacs serv1 address 10.215.168.1 set system aaa server tacacs serv1 encrypted-key U2FsdGVkX19mHdLDr5Rpw3qbOBMMZFneoZmmmNIq1yI= set system login aaa authentication list1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.170 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.170/0.170/0.170/0.000 ms
Step 3: Init a Telnet connection from DUT0 to IP address 127.0.0.1 :
admin@DUT0$ telnet 127.0.0.1Show output
Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. Linux 6.1.119 (osdx) (pts/1) osdx login: Password: Welcome to Teldat OSDx v4.2.2.1 This system includes free software. Contact Teldat for licenses information and source code. testing@osdx$