Configuring Authorization Methods For An Isp Domain - H3C S5830V2 Security Configuration Manual
Hide thumbs
Also See for S5830V2:
- Configuration manual (318 pages) ,
- Command reference manual (301 pages) ,
- Installation manual (63 pages)
Table of Contents
Advertisement
Step
6.
Specify the authentication
method for obtaining a
temporary user role.
Configuring authorization methods for an ISP domain
Configuration prerequisites
Before configuring authorization methods, complete the following tasks:
1.
Determine the access type or service type to be configured. With AAA, you can configure an
authorization scheme for each access type and service type.
2.
Determine whether to configure the default authorization method for all access types or service
types. The default authorization method applies to all access users, but it has a lower priority than
the authorization method that is specified for an access type or service type.
Configuration guidelines
When configuring authorization methods, follow these guidelines:
The device does not support LDAP authorization.
•
To configure RADIUS authorization, also configure RADIUS authentication, and reference the same
•
RADIUS scheme for RADIUS authentication and authorization. If the RADIUS authorization
configuration is invalid or RADIUS authorization fails, the RADIUS authentication also fails.
Configuration procedure
To configure authorization methods for an ISP domain:
Step
1.
Enter system view.
2.
Enter ISP domain view.
3.
Specify the default
authorization method for
all types of users.
4.
Specify the command
authorization method.
5.
Specify the authorization
method for LAN users.
Command
authentication super { hwtacacs-scheme
hwtacacs-scheme-name | radius-scheme
radius-scheme-name } *
Command
system-view
domain isp-name
authorization default { hwtacacs-scheme
hwtacacs-scheme-name [ radius-scheme
radius-scheme-name ] [ local ] [ none ] |
local [ none ] | none | radius-scheme
radius-scheme-name [ hwtacacs-scheme
hwtacacs-scheme-name ] [ local ] [ none ] }
authorization command { hwtacacs-scheme
hwtacacs-scheme-name [ local [ none ] |
local [ none ] | none }
authorization lan-access { local [ none ] |
none | radius-scheme radius-scheme-name
[ local ] [ none ] }
42
Remarks
By default, the default
authentication method is
used for obtaining a
temporary user role.
Remarks
N/A
N/A
By default, the authorization
method is local.
The none keyword is not
supported in FIPS mode.
By default, the default
authorization method is used
for command authorization.
The none keyword is not
supported in FIPS mode.
By default, the default
authorization method is used
for LAN users.
The none keyword is not
supported in FIPS mode.
Advertisement
Table of Contents
Troubleshooting
