Configuring Authentication Methods For An Isp Domain - HP FlexFabric 5930 Series Security Configuration Manual

Hide thumbs Also See for FlexFabric 5930 Series:

Configuration manuals (467 pages)

Command reference manual (87 pages)

Installation manual (73 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

Table of Contents

Step

Enter system view.

Enter ISP domain view.

Place the ISP domain in active

or blocked state.

Configure authorization

attributes for authenticated

users in the ISP domain.

Configuring authentication methods for an ISP domain

Configuration prerequisites

Before configuring authentication methods, complete the following tasks:

Determine the access type or service type to be configured. With AAA, you can configure an

authentication method for each access type and service type.

Determine whether to configure the default authentication method for all access types or service

types. The default authentication method applies to all access users, but has a lower priority than

the specific authentication method configured for an access type or service type.

Configuration guidelines

When configuring authentication methods, follow these guidelines:

If you configure an authentication method that references a RADIUS scheme and an authorization

•

method that does not reference a RADIUS scheme, AAA accepts only the authentication result from

the RADIUS server. The Access-Accept message from the RADIUS server also includes the

authorization information, but the device ignores the information.

•

To specify a scheme for user role authentication, make sure the user role is in the format of level-n.

If an HWTACACS scheme is specified, the device uses the entered username for role authentication.

If a RADIUS scheme is specified, the device uses the username $enabn$ on the RADIUS server for

role authentication, where n is the same as that in the target user role level-n.

Configuration procedure

To configure authentication methods for an ISP domain:

Step

Enter system view.

Enter ISP domain view.

Specify the default

authentication method for

all types of users.

Command

system-view

domain isp-name

state { active | block }

authorization-attribute idle-cut

minute [ flow ]

Command

system-view

domain isp-name

authentication default { hwtacacs-scheme

hwtacacs-scheme-name [ radius-scheme

radius-scheme-name ] [ local ] [ none ] | local

[ none ] | none | radius-scheme

radius-scheme-name [ hwtacacs-scheme

hwtacacs-scheme-name ] [ local ] [ none ] }

Remarks

N/A

By default, an ISP domain is in

active state, and users in the

domain can request network

services.

By default, the authorization

attributes are not configured and

the idle cut function is disabled.

Remarks

N/A

By default, the default

authentication method is

local.

Table of Contents

Configuring Authentication Methods For An Isp Domain - HP FlexFabric 5930 Series Security Configuration Manual

Configuring authentication methods for an ISP domain

Troubleshooting

Related Manuals for HP FlexFabric 5930 Series

Related Content for HP FlexFabric 5930 Series

Table of Contents