Configuring AAA Methods for ISP Domains; Configuration Prerequisites; Creating an ISP Domain - HPE FlexFabric 7900 Series Security Configuration Manual

Remarks: ... many system resources. When there are 1000 or more users, set a longer interval.

Step: 5. Set the server quiet timer.
Command: timer quiet minutes
Remarks: By default, the server quiet timer is 5 minutes.

Displaying and maintaining HWTACACS

Execute display commands in any view and reset commands in user view.

Task: Display the configuration or server statistics of HWTACACS schemes.
Command: display hwtacacs scheme [ hwtacacs-server-name [ statistics ] ]

Task: Clear HWTACACS statistics.
Command: reset hwtacacs statistics { accounting | all | authentication | authorization }

Configuring AAA methods for ISP domains

You configure AAA methods for an ISP domain by specifying configured AAA schemes in ISP
domain view. Each ISP domain has a set of system-defined AAA methods, which are local
authentication, local authorization, and local accounting. If you do not configure any AAA methods
for an ISP domain, the device uses the system-defined AAA methods for users in the domain.
AAA is available to login users after you enable scheme authentication for the users. For more
information about the login authentication modes, see Fundamentals Configuration Guide.

Configuration prerequisites

To use local authentication for users in an ISP domain, configure local user accounts on the device
first. See "Configuring local user attributes."
To use remote authentication, authorization, and accounting, create the required RADIUS and
HWTACACS schemes. For more information about the scheme configuration, see
"Configuring RADIUS schemes" and "Configuring HWTACACS schemes."

Creating an ISP domain

In a networking scenario with multiple ISPs, the device can connect to users of different ISPs, and
these users can have different user attributes, such as different username and password structures,
different service types, and different rights. To manage users of different ISPs, configure ISP
domains, and configure AAA methods and domain attributes for each ISP domain as needed.
The device supports a maximum of 16 ISP domains, including the system-defined ISP domain
system. You can specify one of the ISP domains as the default domain. You can modify the settings
of the ISP domain system, but you cannot delete the domain.
On the device, each user belongs to an ISP domain. If a user does not provide an ISP domain name
at login, the device considers that the user belongs to the default ISP domain.
An ISP domain cannot be deleted when it is the default ISP domain. Before you use the undo
domain command, change the domain to a non-default ISP domain by using the undo domain
default enable command.
To create an ISP domain:

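The ISP-domain rules described in this section (a domain with no AAA methods configured uses the system-defined local methods, and users who give no domain name land in the default domain) can be checked offline against a saved configuration. The following Python script is an added example, not part of the HPE manual; the sample configuration is constructed, its domain and scheme names are hypothetical, and the per-service method lines are assumed syntax that this page does not show.

```python
SERVICES = ("authentication", "authorization", "accounting")
MAX_DOMAINS = 16  # limit stated on this page, including the domain "system"
# Constructed sample; domain and scheme names are hypothetical, and the
# per-service method lines are assumed syntax that this page does not show.
SAMPLE_CONFIG = """\
#
domain system
#
domain isp-a
 authentication login hwtacacs-scheme hwt1 local
 authorization login hwtacacs-scheme hwt1 local
 accounting login hwtacacs-scheme hwt1 local
#
domain isp-b
 authentication login radius-scheme rad1
#
 domain default enable isp-b
#
"""

def audit_domains(config_text):
    """Report which domains rely on system-defined local methods."""
    domains, default, current = {}, None, None
    for raw in config_text.splitlines():
        words = raw.split()
        if words[:3] == ["domain", "default", "enable"] and len(words) == 4:
            default, current = words[3], None
        elif len(words) == 2 and words[0] == "domain":
            current = words[1]                 # start of a domain block
            domains.setdefault(current, set())
        elif not words or words == ["#"]:
            current = None                     # separator ends the block
        elif current and words[0] in SERVICES:
            domains[current].add(words[0])     # a method is configured
    fallback = {}
    for name, seen in domains.items():
        missing = [s for s in SERVICES if s not in seen]
        if missing:                            # device uses local for these
            fallback[name] = missing
    return {
        "default": default,                    # None: not set in this file
        "local_fallback": fallback,
        "default_uses_fallback": default in fallback,
        "over_limit": len(domains) > MAX_DOMAINS,
    }

if __name__ == "__main__":
    for key, value in audit_domains(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

The check is per service, not per access type: any method line for a service counts as configured, so a domain is flagged only when a service has no method line at all.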