HP A6600 Configuration Manual page 54
Hide thumbs
Also See for A6600:
- Configuration manual (426 pages) ,
- Getting started (222 pages) ,
- Limited warranty (41 pages)
Table of Contents
Advertisement
AAA supports the following authentication methods:
No authentication (none)—All users are trusted, and no authentication is performed. Generally, do
•
not use this method.
Local authentication (local)—Authentication is performed by the NAS, which is configured with the
•
user information, including the usernames, passwords, and attributes. Local authentication provides
high speed and low cost, but the amount of information that can be stored is limited by the
hardware.
Remote authentication (scheme)—The router cooperates with a RADIUS or HWTACACS server to
•
authenticate users. Remote authentication features centralized information management, high
capacity, high reliability, and support for centralized authentication service for multiple routers.
Configure local authentication or no authentication as the backup method to be used when the
remote server is not available. No authentication can only be configured for LAN users as the
backup method of remote authentication.
Configure AAA authentication to work alone without authorization and accounting. By default, an ISP
domain uses the local authentication method.
Before configuring authentication methods, complete the following tasks:
For RADIUS or HWTACACS authentication, configure the RADIUS or HWTACACS scheme to be
•
referenced first. The local and none authentication methods do not require any scheme.
Determine the access type or service type to be configured. With AAA, configure an authentication
•
method for each access type and service type, limiting the authentication protocols that can be
used for access.
Determine whether to configure an authentication method for all access types or service types.
•
To configure AAA authentication methods for an ISP domain:
To do...
1.
Enter system view.
2.
Enter ISP domain view.
3.
Specify the default
authentication method
for all types of users.
4.
Specify the
authentication method
for DVPN users.
5.
Specify the
authentication method
for LAN users.
6.
Specify the
authentication method
for login users.
Command...
system-view
domain isp-name
authentication default { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local |
none | radius-scheme radius-scheme-name [
local ] }
authentication dvpn { local | none | radius-
scheme radius-scheme-name [ local ] }
authentication lan-access { local | none |
radius-scheme radius-scheme-name [ local |
none ] }
authentication login { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local |
none | radius-scheme radius-scheme-name [
local ] }
42
Remarks
—
—
Optional.
local by default.
Optional.
The default authentication
method is used by default.
Optional.
The default authentication
method is used by default.
This command is supported
only on routers with SAP
modules.
Optional.
The default authentication
method is used by default.
Advertisement
Table of Contents
Troubleshooting
