Configuring Authentication Methods For An Isp Domain - HP MSR2000 Configuration Manual
Hide thumbs
Also See for MSR2000:
- Configuration manual (455 pages) ,
- Manual (73 pages) ,
- High availability configuration manual (91 pages)
Table of Contents
Advertisement
Maximum number of online users—The device controls the number of online users in a domain to
•
ensure the system performance and service reliability.
Authorization attributes—The device assigns the authorization attributes in the ISP domain to the
•
authenticated users who do not receive authorization attributes from the server.
An ISP domain attribute applies to all users in the domain.
To configure ISP domain attributes:
Step
1.
Enter system view.
2.
Enter ISP domain view.
3.
Place the ISP domain to the
active or blocked state.
4.
Specify the maximum number
of online users in the ISP
domain.
5.
Configure authorization
attributes for authenticated
users in the ISP domain.
Configuring authentication methods for an ISP domain
Configuration prerequisites
Before configuring authentication methods, complete the following tasks:
1.
For RADIUS or HWTACACS authentication, configure the RADIUS or HWTACACS scheme to be
referenced first. The local and none authentication methods do not require a scheme.
2.
Determine the access type or service type to be configured. With AAA, you can configure an
authentication method for each access type and service type.
3.
Determine whether to configure the default authentication method for all access types or service
types. The default authentication method applies to all access users, but it has a lower priority than
the authentication method that is specified for an access type or service type.
Configuration guidelines
When configuring authentication methods, follow these guidelines:
If you configure an authentication method that references a RADIUS scheme and an authorization
•
method that does not reference a RADIUS scheme, AAA accepts only the authentication result from
the RADIUS server. The Access-Accept message from the RADIUS server also includes the
authorization information, but the device ignores the information.
To specify a scheme for user role authentication, make sure the user role is in the format of level-n.
•
If an HWTACACS scheme is specified, the device uses the entered username for role authentication.
If a RADIUS scheme is specified, the device uses the username $enabn$ on the RADIUS server for
role authentication, where n is the same as that in the target user role level-n.
Configuration procedure
To configure authentication methods for an ISP domain:
Command
system-view
domain isp-name
state { active | block }
access-limit enable
max-user-number
authorization-attribute { idle-cut
minute [ flow ] | ip-pool
pool-name }
36
Remarks
N/A
N/A
By default, an ISP domain is in
active state, and users in the
domain can request network
services.
By default, there is no limit to the
maximum number of online users.
By default, the authorization
attributes are not configured and
the idle cut function is disabled.
Advertisement
Table of Contents
Troubleshooting
