HP 3600 v2 Series Security Configuration Manual page 54
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (449 pages) ,
- Installation manual (62 pages)
Table of Contents
Advertisement
authorization information to users after successful authorization. Authorization method configuration is
optional in AAA configuration.
AAA supports the following authorization methods:
No authorization (none)—The NAS performs no authorization exchange. After passing
•
authentication, non-login users can access the network, FTP users can access the root directory of
the NAS, and other login users have only the rights of Level 0 (visiting).
Local authorization (local)—The NAS performs authorization according to the user attributes
•
configured for users.
Remote authorization (scheme)—The NAS cooperates with a RADIUS, or HWTACACS server to
•
authorize users. RADIUS authorization is bound with RADIUS authentication. RADIUS authorization
can work only after RADIUS authentication is successful, and the authorization information is
carried in the Access-Accept message. HWTACACS authorization is separate from HWTACACS
authentication, and the authorization information is carried in the authorization response after
successful authentication. You can configure local authorization or no authorization as the backup
method, which will be used when the remote server is not available.
Before configuring authorization methods, complete the following tasks:
For HWTACACS authorization, configure the HWTACACS scheme to be referenced first. For
1.
RADIUS authorization, the RADIUS authorization scheme must be the same as the RADIUS
authentication scheme; otherwise, it does not take effect.
Determine the access type or service type to be configured. With AAA, you can configure an
2.
authorization scheme for each access type and service type, limiting the authorization protocols
that can be used for access.
Determine whether to configure an authorization method for all access types or service types.
3.
Follow these steps to configure AAA authorization methods for an ISP domain:
To do...
Enter system view
Enter ISP domain view
Specify the default
authorization method for all
types of users
Specify the command
authorization method
Specify the authorization
method for LAN users
Specify the authorization
method for login users
Specify the authorization
method for portal users
Use the command...
system-view
domain isp-name
authorization default { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local |
none | radius-scheme radius-scheme-name
[ local ] }
authorization command { hwtacacs-scheme
hwtacacs-scheme-name [ local | none ] |
local | none }
authorization lan-access { local | none |
radius-scheme radius-scheme-name [ local |
none ] }
authorization login { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local |
none | radius-scheme radius-scheme-name
[ local ] }
authorization portal { local | none |
radius-scheme radius-scheme-name
[ local ] }
43
Remarks
—
—
Optional
local by default
Optional
The default authorization
method is used by default.
Optional
The default authorization
method is used by default.
Optional
The default authorization
method is used by default.
Optional
The default authorization
method is used by default.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
