Configuring Aaa Authentication Methods For An Isp Domain - HP 5120 EI Switch Series Configuration Manual

To do...
Enter ISP domain view
Place the ISP domain to the state of
active or blocked
Specify the maximum number of
active users in the ISP domain
Configure the idle cut function
Configure the self-service server
location function
Specify the default authorization
user profile
NOTE:

If a user passes authentication but is authorized with no user profile, the device authorizes the default user profile
of the ISP domain to the user and restricts the user's behavior based on the profile. For more information about
the user profile, see the chapter "User profile configuration."

A self-service RADIUS server, such as Intelligent Management Center (iMC), is required for the self-service server
location function to work. With the self-service function, a user can manage and control his or her accounting
information or card number. A server with self-service software is a self-service server.

Configuring AAA authentication methods for an ISP domain

In AAA, authentication, authorization, and accounting are separate processes. Authentication refers to the
interactive authentication process of username/password/user information during an access or service
request. The authentication process does not send authorization information to a supplicant or trigger
accounting.
AAA supports the following authentication methods:
No authentication (none)—All users are trusted and no authentication is performed. Generally, do

not use this method.
Local authentication (local)—Authentication is performed by the NAS, which is configured with the

user information, including the usernames, passwords, and attributes. Local authentication features
high speed and low cost, but the amount of information that can be stored is limited by the
hardware.
 Remote authentication (scheme)—The access device cooperates with a RADIUS or HWTACACS
server to authenticate users. The device can use the standard RADIUS protocol or extended RADIUS
protocol in collaboration with systems like iMC to implement user authentication. Remote
authentication features centralized information management, high capacity, high reliability, and
support for centralized authentication service for multiple access devices. You can configure local or
Use the command...
domain isp-name
state { active | block }
access-limit enable max-user-
number
idle-cut enable minute [ flow ]
self-service-url enable url-string
authorization-attribute user-
profile profile-name
37
Remarks
—
Optional
By default, an ISP domain is in the
active state, and users in the domain
can request network services.
Optional
No limit by default
Optional
Disabled by default
This command is effective for only
LAN users and portal users.
Optional
Disabled by default
Optional
By default, an ISP domain has no
default authorization user profile.