Configuring AAA Authorization Methods for an ISP Domain - HP 3600 v2 Series Security Configuration Manual

To do: Enter system view
Use the command: system-view

To do: Enter ISP domain view
Use the command: domain isp-name

To do: Specify the default authentication method for all types of users
Use the command: authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
Remarks: Optional. local by default

To do: Specify the authentication method for LAN users
Use the command: authentication lan-access { local | none | radius-scheme radius-scheme-name [ local | none ] }
Remarks: Optional. The default authentication method is used by default.

To do: Specify the authentication method for login users
Use the command: authentication login { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
Remarks: Optional. The default authentication method is used by default.

To do: Specify the authentication method for portal users
Use the command: authentication portal { local | none | radius-scheme radius-scheme-name [ local ] }
Remarks: Optional. The default authentication method is used by default.

To do: Specify the authentication method for privilege level switching
Use the command: authentication super { hwtacacs-scheme hwtacacs-scheme-name | radius-scheme radius-scheme-name }
Remarks: Optional. The default authentication method is used by default.

NOTE:
The authentication method specified with the authentication default command is for all types of users and has a priority lower than that for a specific access type.
With an authentication method that references a RADIUS scheme, AAA accepts only the authentication result from the RADIUS server. The Access-Accept message from the RADIUS server also carries the authorization information, but the authentication process ignores the information.
If you specify the radius-scheme radius-scheme-name local, hwtacacs-scheme hwtacacs-scheme-name local option when you configure an authentication method, local authentication is the backup method and is used only when the remote server is not available.
If you specify only the local or none keyword in an authentication method configuration command, the switch has no backup authentication method and performs only local authentication or does not perform any authentication.
If the method for level switching authentication references an HWTACACS scheme, the switch uses the login username of a user for level switching authentication of the user by default. If the method for level switching authentication references a RADIUS scheme, the system uses the username configured for the corresponding privilege level on the RADIUS server for level switching authentication, rather than the login username. A username configured on the RADIUS server is in the format of $enablevel$, where level specifies the privilege level to which the user wants to switch. For example, if user user1 of domain aaa wants to switch the privilege level to 3, the system uses $enab3@aaa$ for authentication when the domain name is required and uses $enab3$ for authentication when the domain name is not required.

Configuring AAA authorization methods for an ISP domain

In AAA, authorization is a separate process at the same level as authentication and accounting. Its responsibility is to send authorization requests to the specified authorization servers and to send
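The precedence and backup rules stated in the authentication NOTE (a per-access-type method overrides authentication default, a trailing local is only a backup, and none performs no authentication) can be checked against a saved configuration. The following Python audit is an added example, not part of the HP manual. The function names, the scheme names rs1 and tac1, the sample domains, and the saved-configuration layout ('#' between views, indented commands) are assumptions.

```python
import re

ACCESS_TYPES = ("lan-access", "login", "portal", "super")
REMOTE = ("radius-scheme", "hwtacacs-scheme")

# Constructed sample; layout ('#' separators, indented lines) is assumed.
SAMPLE = """\
domain aaa
 authentication default radius-scheme rs1 local
 authentication lan-access radius-scheme rs1 none
 authentication portal none
#
domain guest
 authentication login hwtacacs-scheme tac1
"""

def parse_domains(config_text):
    """Return {domain: {access_type: [method tokens]}} for each domain view."""
    domains, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        match = re.fullmatch(r"domain (\S+)", line)
        if match:
            current = domains.setdefault(match.group(1), {})
        elif line == "#":
            current = None  # end of the current view
        elif current is not None and line.startswith("authentication "):
            _, access, *method = line.split()
            current[access] = method
    return domains

def effective_method(settings, access):
    """A per-type method wins over 'authentication default'; default is local."""
    return settings.get(access) or settings.get("default") or ["local"]

def audit(config_text):
    """Return sorted (domain, access_type, finding) tuples."""
    findings = []
    for name, settings in parse_domains(config_text).items():
        for access in ACCESS_TYPES:
            primary, *rest = effective_method(settings, access)
            backup = rest[1] if len(rest) > 1 else None
            if primary == "none":
                findings.append((name, access, "no authentication performed"))
            elif primary in REMOTE and backup == "none":
                findings.append((name, access, "backup method is none"))
            elif primary in REMOTE and backup is None and access != "super":
                findings.append((name, access, "no backup method"))
    return sorted(findings)
```

Calling audit(SAMPLE) reports the lan-access and portal settings of domain aaa and the login setting of domain guest. The super access type is excluded from the "no backup method" finding because the authentication super syntax in the table offers no local option.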

This manual is also suitable for:

A3100-48 v2
