Configuring Authentication Methods For An Isp Domain - H3C S5830V2 Security Configuration Manual
Hide thumbs
Also See for S5830V2:
- Configuration manual (318 pages) ,
- Command reference manual (301 pages) ,
- Installation manual (63 pages)
Table of Contents
Advertisement
Configuring authentication methods for an ISP domain
Configuration prerequisites
Before configuring authentication methods, complete the following tasks:
1.
Determine the access type or service type to be configured. With AAA, you can configure an
authentication method for each access type and service type.
2.
Determine whether to configure the default authentication method for all access types or service
types. The default authentication method applies to all access users, but has a lower priority than
the specific authentication method configured for an access type or service type.
Configuration guidelines
When configuring authentication methods, follow these guidelines:
If you configure an authentication method that references a RADIUS scheme and an authorization
•
method that does not reference a RADIUS scheme, AAA accepts only the authentication result from
the RADIUS server. The Access-Accept message from the RADIUS server also includes the
authorization information, but the device ignores the information.
•
To specify a scheme for user role authentication, make sure the user role is in the format of level-n.
If an HWTACACS scheme is specified, the device uses the entered username for role authentication.
If a RADIUS scheme is specified, the device uses the username $enabn$ on the RADIUS server for
role authentication, where n is the same as that in the target user role level-n.
Configuration procedure
To configure authentication methods for an ISP domain:
Step
1.
Enter system view.
2.
Enter ISP domain view.
3.
Specify the default
authentication method for
all types of users.
4.
Specify the authentication
method for LAN users.
5.
Specify the authentication
method for login users.
Command
system-view
domain isp-name
authentication default { hwtacacs-scheme
hwtacacs-scheme-name [ radius-scheme
radius-scheme-name ] [ local ] [ none ] |
ldap-scheme ldap-scheme-name [ local ]
[ none ] | local [ none ] | none | radius-scheme
radius-scheme-name [ hwtacacs-scheme
hwtacacs-scheme-name ] [ local ] [ none ] }
authentication lan-access { local [ none ] | none
| radius-scheme radius-scheme-name [ local ]
[ none ] }
authentication login { hwtacacs-scheme
hwtacacs-scheme-name [ radius-scheme
radius-scheme-name ] [ local ] [ none ]
ldap-scheme ldap-scheme-name [ local ]
[ none ] | local [ none ] | none | radius-scheme
radius-scheme-name [ hwtacacs-scheme
hwtacacs-scheme-name ] [ local ] [ none ] }
41
Remarks
N/A
N/A
By default, the default
authentication method is
local.
The none keyword is not
supported in FIPS mode.
By default, the default
authentication method is
used for LAN users.
The none keyword is not
supported in FIPS mode.
By default, the default
authentication method is
used for login users.
The none keyword is not
supported in FIPS mode.
Advertisement
Table of Contents
Troubleshooting
