Configuring Authentication Methods for an ISP Domain - HP MSR Series Configuration Manual

HPE FlexNetwork MSR Router Series

Step 4. Configure authorization attributes for authenticated users in the ISP domain.
Command: authorization-attribute { acl acl-number | car inbound cir committed-information-rate [ pir peak-information-rate ] outbound cir committed-information-rate [ pir peak-information-rate ] | idle-cut minute [ flow ] | igmp max-access-number number | ip-pool pool-name | ipv6-pool ipv6-pool-name | ipv6-prefix ipv6-prefix prefix-length | mld max-access-number number | { primary-dns | secondary-dns } { ip ipv4-address | ipv6 ipv6-address } | session-group-profile session-group-profile-name | url url-string | user-group user-group-name | user-profile profile-name | vpn-instance vpn-instance-name }
Remarks: By default, the authorization attributes are not configured and the idle cut function is disabled.

Step 5. Configure the device to include the idle cut period or user online detection period in the user online duration to be sent to the server.
Command: session-time include-idle-time
Remarks: By default, the user online duration sent to the server does not include the idle cut period or user online detection period.

Step 6. Specify the user address type in the ISP domain.
Command: user-address-type { ds-lite | ipv6 | nat64 | private-ds | private-ipv4 | public-ds | public-ipv4 }
Remarks: By default, no user address type is specified.

Step 7. Specify the service type for users in the ISP domain.
Command: service-type { hsi | stb | voip }
Remarks: By default, the service type is hsi.

Step 8. Specify the ITA policy for users in the ISP domain.
Command: ita-policy policy-name
Remarks: By default, no ITA policy is specified.

Configuring authentication methods for an ISP domain

Configuration prerequisites

Before configuring authentication methods, complete the following tasks:

1. Determine the access type or service type to be configured. With AAA, you can configure an authentication method for each access type and service type.
2. Determine whether to configure the default authentication method for all access types or service types. The default authentication method applies to all access users. However, the method has a lower priority than the authentication method that is specified for an access type or service type.

Configuration guidelines

When configuring authentication methods, follow these guidelines:

- If the authentication method uses a RADIUS scheme and the authorization method does not use a RADIUS scheme, AAA accepts only the authentication result from the RADIUS server. The Access-Accept message from the RADIUS server also includes the authorization information, but the device ignores the information.
- If an HWTACACS scheme is specified, the device uses the entered username for role authentication. If a RADIUS scheme is specified, the device uses the username $enabn$ on
