Configuring Authorization Methods For An Isp Domain - HP MSR Series Configuration Manual
Hpe flexnetwork msr router series
Hide thumbs
Also See for MSR Series:
- Configuration manual (889 pages) ,
- Command reference manual (684 pages) ,
- Wan access configuration manual (293 pages)
Table of Contents
Advertisement
Step
10. Specify the authentication
method for SSL VPN
users.
11. Specify the authentication
method for obtaining a
temporary user role.
Configuring authorization methods for an ISP domain
Configuration prerequisites
Before configuring authorization methods, complete the following tasks:
1.
Determine the access type or service type to be configured. With AAA, you can configure an
authorization scheme for each access type and service type.
2.
Determine whether to configure the default authorization method for all access types or service
types. The default authorization method applies to all access users. However, the method has a
lower priority than the authorization method that is specified for an access type or service type.
Configuration guidelines
When configuring authorization methods, follow these guidelines:
•
The device supports HWTACACS authorization but not LDAP authorization.
•
To use a RADIUS scheme as the authorization method, specify the name of the RADIUS
scheme that is configured as the authentication method for the ISP domain. If an invalid
RADIUS scheme is specified as the authorization method, RADIUS authentication and
authorization fail.
Configuration procedure
To configure authorization methods for an ISP domain:
Step
1.
Enter system view.
2.
Enter ISP domain view.
3.
Specify the default
authorization method for
all types of users.
4.
Specify the authorization
method for ADVPN users.
Command
authentication sslvpn { ldap-scheme
ldap-scheme-name [ local ] [ none ] | local
[ none ] | none | radius-scheme
radius-scheme-name [ local ] [ none ] }
authentication super { hwtacacs-scheme
hwtacacs-scheme-name | radius-scheme
radius-scheme-name } *
Command
system-view
domain isp-name
authorization default
{ hwtacacs-scheme
hwtacacs-scheme-name
[ radius-scheme radius-scheme-name ]
[ local ] [ none ] | local [ none ] | none |
radius-scheme radius-scheme-name
[ hwtacacs-scheme
hwtacacs-scheme-name ] [ local ]
[ none ] }
authorization advpn { local [ none ] |
none | radius-scheme
radius-scheme-name [ local ] [ none ] }
51
Remarks
By default, the default
authentication method is
used for SSL VPN users.
The none keyword is not
supported in FIPS mode.
By default, the default
authentication method is
used for obtaining a
temporary user role.
Remarks
N/A
N/A
By default, the authorization
method is local.
The none keyword is not
supported in FIPS mode.
By default, the default
authorization method is used
for ADVPN users.
The none keyword is not
supported in FIPS mode.
- Quick Links:
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
