Why must the administrator pass AAA authentication

3

To ensure device security, the administrator must be authenticated by AAA authentication in local or remote authentication mode. The administrator, however, can log in to the device in non-authentication mode in the VTY interface view.

Other related questions:
The administrator cannot pass authentication if the administrator's authentication mode is changed to RADIUS authentication on an S series switch
The administrator cannot pass authentication if the administrator's authentication mode is changed to RADIUS authentication. For S series switches (except the S1700), such an authentication failure occurs because the entered user name does not contain a domain name. You need to check whether the user name on the authentication server contains a domain name. - If the user name on the authentication server contains a domain name, run the radius-server user-name domain-included command in the RADIUS server template view or run the hwtacacs-server user-name domain-included command in the HWTACACS server template view. - If the user name on the authentication server does not contain a domain name, run the undo radius-server user-name domain-included command in the RADIUS server template view or run the undo hwtacacs-server user-name domain-included command in the HWTACACS server template view.

Can the authentication mode of an AR router administrator user be set only to No authentication on the AAA side
To improve device security, administrator users are required to be authenticated on the AAA side as well.

Why administrators are not allowed to use no-authentication on the AR
To improve security of the AR, administrators are not allowed to use no-authentication.

Does the SBC need to pass through the firewall?
The SBC can be deployed behind the firewall and is mapped to the public network through the firewall. Alternatively, the SBC can be directly deployed on the public network and two network ports are configured for the SBC to connect to the intranet and extranet separately.

Why non-authentication cannot be used for the administrator on an AR
To improve the security of the AR, administrators are not allowed to use no-authentication.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top