HP A6600 Configuration Manual page 56
Hide thumbs
Also See for A6600:
- Configuration manual (426 pages) ,
- Getting started (222 pages) ,
- Limited warranty (41 pages)
Table of Contents
Advertisement
AAA supports the following authorization methods:
No authorization (none)—The router performs no authorization exchange. After passing
•
authentication, non-login users can access the network, FTP users can access the root directory of
the router, and other login users have only the right of Level 0 (visiting).
Local authorization (local)—The router performs authorization according to the user attributes
•
configured for users.
Remote authorization (scheme)—The router cooperates with a RADIUS or HWTACACS server to
•
authorize users. RADIUS authorization is bound with RADIUS authentication. RADIUS authorization
can work only after RADIUS authentication is successful, and the authorization information is
carried in the Access-Accept message. HWTACACS authorization is separate from HWTACACS
authentication, and the authorization information is carried in the authorization response after
successful authentication. Configure local authorization or no authorization as the backup method
to be used when the remote server is not available.
Before configuring authorization methods, complete the following tasks:
For HWTACACS authorization, configure the HWTACACS scheme to be referenced first. For
1.
RADIUS authorization, the RADIUS authorization scheme must be the same as the RADIUS
authentication scheme. Otherwise, it does not take effect.
Determine the access type or service type to be configured. With AAA, configure an authorization
2.
scheme for each access type and service type, limiting the authorization protocols that can be used
for access.
Determine whether to configure an authorization method for all access types or service types.
3.
To configure AAA authorization methods for an ISP domain:
To do...
1.
Enter system view.
2.
Enter ISP domain view.
3.
Specify the default
authorization method for
all types of users.
4.
Specify the command
authorization method.
5.
Specify the authorization
method for DVPN users.
6.
Specify the authorization
method for LAN users.
7.
Specify the authorization
method for login users.
Command...
system-view
domain isp-name
authorization default { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local |
none | radius-scheme radius-scheme-name
[ local ] }
authorization command { hwtacacs-scheme
hwtacacs-scheme-name [ local | none ] |
local | none }
authorization dvpn { local | none | radius-
scheme radius-scheme-name [ local ] }
authorization lan-access { local | none |
radius-scheme radius-scheme-name [ local
| none ] }
authorization login { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local |
none | radius-scheme radius-scheme-name
[ local ] }
44
Remarks
—
—
Optional.
local by default.
Optional.
The default authorization
method is used by default.
Optional.
The default authorization
method is used by default.
Optional.
The default authorization
method is used by default.
This command is supported
only on routers with SAP
modules.
Optional.
The default authorization
method is used by default.
Advertisement
Table of Contents
Troubleshooting
