Configuring Authentication Methods For An Isp Domain - HP 6600 Security Configuration Manual

Step
7. Define an IP address pool for allocating addresses to PPP users.
8. Specify the default authorization user profile.
9. Set the device to include the idle cut time in the user online time to be uploaded to the server.

Configuring authentication methods for an ISP domain

In AAA, authentication, authorization, and accounting are separate processes. Authentication refers to
the interactive authentication process of username/password/user information during an access or
service request. The authentication process neither sends authorization information to a supplicant nor
triggers any accounting.

AAA supports the following authentication methods:

- No authentication (none)—No authentication is performed. This method trusts all users and is not for general use.
- Local authentication (local)—Authentication is performed by the NAS, which is configured with the user information, including the usernames, passwords, and attributes. Local authentication allows high speed and low cost, but the amount of information that can be stored is limited by the size of the storage space.
- Remote authentication (scheme)—The NAS cooperates with a RADIUS or HWTACACS server to authenticate users. Remote authentication provides centralized information management, high capacity, high reliability, and support for centralized authentication service for multiple NASs. You can configure local or no authentication as the backup method, which will be used when the remote server is not available. The no authentication method can only be configured for LAN users as the backup method of remote authentication.

You can configure AAA authentication to work alone without authorization and accounting.
By default, an ISP domain uses the local authentication method.
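
An added example (not from the HP manual): a Python check that reads ISP domain blocks from a saved configuration and flags the settings described above, namely none as the primary method, none as the backup to a remote scheme (access is granted whenever the server is unreachable), and domains with no authentication line that therefore use the default local method. The sample configuration, domain names and scheme names are constructed, and the `authentication <type> <methods>` line syntax is assumed from the Comware CLI rather than shown on this page.

```python
import re

# Constructed sample in Comware style (not from the manual); names are made up.
SAMPLE_CONFIG = """\
domain corp
 authentication default radius-scheme rad1 local
 authentication lan-access radius-scheme rad1 none
domain guest
 authentication default none
domain branch
 authorization default local
"""

# Assumed line shape: authentication <access-type> <method list>
AUTH_RE = re.compile(r"^authentication\s+(\S+)\s+(.+)$")

def parse_methods(args):
    """Turn 'radius-scheme rad1 local' into ['radius-scheme', 'local']."""
    tokens, methods, i = args.split(), [], 0
    while i < len(tokens):
        methods.append(tokens[i])
        # A scheme keyword is followed by the scheme name; skip the name.
        i += 2 if tokens[i].endswith("-scheme") else 1
    return methods

def audit(config):
    """Return (domain, access_type, finding) tuples for settings worth review."""
    findings, domain, seen = [], None, set()
    def close(d):
        # A domain with no authentication line uses the default method (local).
        if d is not None and d not in seen:
            findings.append((d, "default", "no authentication line: default is local"))
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("domain ") and not line.startswith("domain default enable"):
            close(domain)
            domain = line.split()[1]
            continue
        m = AUTH_RE.match(line)
        if not m or domain is None:
            continue
        seen.add(domain)
        access, methods = m.group(1), parse_methods(m.group(2))
        if methods[0] == "none":
            findings.append((domain, access, "none as primary: all users trusted"))
        elif "none" in methods[1:]:
            findings.append((domain, access, "none as backup: open if server is down"))
    close(domain)
    return findings
```
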

Configuration prerequisites

Before configuring authentication methods, complete the following tasks:

- For RADIUS or HWTACACS authentication, configure the RADIUS or HWTACACS scheme to be referenced first. Local and none authentication methods do not require a scheme.
- Determine the access type or service type to be configured. With AAA, you can configure an authentication method for each access type and service type to limit the authentication protocols that users can use for access.
- Determine whether to configure the default authentication method for all access types or service types.

| Step | Command | Remarks |
|---|---|---|
| 7 | ip pool pool-number low-ip-address [ high-ip-address ] | Optional. By default, no IP address pool is configured for PPP users. |
| 8 | authorization-attribute user-profile profile-name | Optional. By default, an ISP domain has no default authorization user profile. |
| 9 | session-time include-idle-time | Optional. By default, the user online time uploaded to the server excludes the idle cut time. |

This manual is also suitable for:

Hsr6600
