Configuring Authorization Methods For An Isp Domain - HP 6600 Security Configuration Manual
Hide thumbs
Also See for 6600:
- Command reference manual (286 pages) ,
- Configuration manual (236 pages) ,
- Installation and getting started manual (103 pages)
Table of Contents
Advertisement
Step
7.
Specify the
authentication method
for portal users.
8.
Specify the
authentication method
for PPP users.
9.
Specify the
authentication method
for SSL VPN users.
10.
Specify the
authentication method
for privilege level
switching.
Configuring authorization methods for an ISP domain
In AAA, authorization is a separate process at the same level as authentication and accounting. Its
responsibility is to send authorization requests to the specified authorization servers and to send
authorization information to users after successful authorization. Authorization method configuration is
optional in AAA configuration.
AAA supports the following authorization methods:
No authorization (none)—The NAS performs no authorization exchange. After passing
•
authentication, non-login users can access the network, FTP users can access the root directory of
the NAS, and other login users have Level 0 (visiting) access.
Local authorization (local)—The NAS performs authorization according to the user attributes
•
configured for users.
Remote authorization (scheme)—The NAS cooperates with a RADIUS or HWTACACS server to
•
authorize users. RADIUS authorization is bound with RADIUS authentication. RADIUS authorization
can work only after RADIUS authentication is successful, and the authorization information is
carried in the Access-Accept message. HWTACACS authorization is separate from HWTACACS
authentication, and the authorization information is carried in the authorization response after
successful authentication. You can configure local authorization or no authorization as the backup
method. The backup method will be used when the remote server is not available.
Configuration prerequisites
Before configuring authorization methods, complete the following tasks:
1.
For HWTACACS authorization, configure the HWTACACS scheme to be referenced first. For
RADIUS authorization, the RADIUS authorization scheme must be the same as the RADIUS
authentication scheme. Otherwise, it does not take effect.
2.
Determine the access type or service type to be configured. With AAA, you can configure an
authorization scheme for each access type and service type to limit the authorization protocols that
can be used for access.
3.
Determine whether to configure an authorization method for all access types or service types.
Command
authentication portal { local | none |
radius-scheme radius-scheme-name [ local ] }
authentication ppp { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local |
none | radius-scheme radius-scheme-name
[ local ] }
authentication ssl-vpn radius-scheme
radius-scheme-name
authentication super { hwtacacs-scheme
hwtacacs-scheme-name | radius-scheme
radius-scheme-name }
49
Remarks
Optional.
The default authentication
method is used by default.
Optional.
The default authentication
method is used by default.
Optional.
The default authentication
method is used by default.
Optional.
The default authentication
method is used by default.
Advertisement
Table of Contents
Troubleshooting
