Configuring AAA Schemes; Configuring Local Users - HPE FlexNetwork 10500 Series Security Configuration Manual


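Tasks at a glance
(Optional.) Configuring the RADIUS attribute translation feature
(Optional.) Setting the maximum number of concurrent login users
(Optional.) Configuring a NAS-ID profile
(Optional.) Configuring the device ID
(Optional.) Configuring the RADIUS server feature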

Configuring AAA schemes

This section includes information on configuring local users, RADIUS schemes, HWTACACS
schemes, and LDAP schemes.

Configuring local users

To implement local authentication, authorization, and accounting, create local users and configure
user attributes on the device. The local users and attributes are stored in the local user database on
the device. A local user is uniquely identified by the combination of a username and a user type.
Local users are classified into the following types:
• Device management user—User who logs in to the device for device management.
• Network access user—User who accesses network resources through the device. Network
  access users also include guests who access the network temporarily. Guests can use only
  LAN and portal services.

The following shows the configurable local user attributes:
• Description—Descriptive information of the user.
• Service type—Services that the user can use. Local authentication checks the service types of
  a local user. If none of the service types is available, the user cannot pass authentication.
  Service types include FTP, HTTP, HTTPS, LAN access, portal, SSH, Telnet, and terminal.
• User state—Whether or not a local user can request network services. There are two user
  states: active and blocked. A user in active state can request network services, but a user in
  blocked state cannot.
• Upper limit of concurrent logins using the same user name—Maximum number of users
  who can concurrently access the device by using the same user name. When the number
  reaches the upper limit, no more local users can access the device by using the user name.
• User group—Each local user belongs to a local user group and has all attributes of the group.
  The attributes include the password control attributes and authorization attributes. For more
  information about local user groups, see "Configuring user group attributes."
• Binding attributes—Binding attributes control the scope of users, and are checked during
  local authentication of a user. If the attributes of a user do not match the binding attributes
  configured for the local user account, the user cannot pass authentication. Binding attributes
  include the IP address, access port, MAC address, and native VLAN. For support and usage
  information about binding attributes, see "Configuring non-guest local user attributes."
• Authorization attributes—Authorization attributes indicate the user's rights after the user
  passes local authentication. For support information about authorization attributes, see
  "Configuring non-guest local user attributes."
  Configure the authorization attributes based on the service type of local users.
  You can configure an authorization attribute in user group view or local user view. The setting of
  an authorization attribute in local user view takes precedence over the attribute setting in user
  group view.
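
The checks described above (user state, service type, binding attributes, concurrent login limit, and the precedence of local user view over user group view) can be modelled in a few lines. This Python sketch is an added example, not HPE code and not device configuration: the class and field names, the user-type labels, the order of the checks, and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class LocalUser:
    name: str
    utype: str                  # "manage" or "network" (labels assumed for this sketch)
    services: set               # service types the user may use, e.g. {"ssh"}
    group: str                  # every local user belongs to a user group
    active: bool = True         # user state: active or blocked
    max_logins: Optional[int] = None              # None = no upper limit configured
    binding: dict = field(default_factory=dict)   # e.g. {"ip": ..., "mac": ...}
    authz: dict = field(default_factory=dict)     # attributes set in local user view

class LocalUserDB:
    def __init__(self, groups):
        self.groups = groups    # group name -> attributes set in user group view
        self.users = {}         # keyed by (username, user type)
        self.sessions = {}      # (username, user type) -> current login count

    def add(self, user):
        self.users[(user.name, user.utype)] = user

    def login(self, name, utype, service, attrs):
        """Return (True, effective_authz) or (False, reason). Check order is assumed."""
        key = (name, utype)
        user = self.users.get(key)
        if user is None:
            return False, "unknown user"
        if not user.active:
            return False, "blocked"
        if service not in user.services:
            return False, "service type"
        for attr, expected in user.binding.items():
            if attrs.get(attr) != expected:
                return False, "binding:" + attr
        if user.max_logins is not None and self.sessions.get(key, 0) >= user.max_logins:
            return False, "login limit"
        self.sessions[key] = self.sessions.get(key, 0) + 1
        # Local user view overrides user group view for the same attribute.
        return True, {**self.groups.get(user.group, {}), **user.authz}

def build_sample_db():
    """Constructed sample data; attribute names and values are illustrative only."""
    db = LocalUserDB({"ops": {"role": "read-only", "idle_timeout_min": 10}})
    db.add(LocalUser("alice", "manage", {"ssh"}, "ops", max_logins=1,
                     binding={"ip": "192.0.2.10"}, authz={"role": "admin"}))
    db.add(LocalUser("alice", "network", {"portal"}, "ops", active=False))
    return db
```

Two accounts named "alice" coexist here because the key is the username and user type together, and the effective rights of the management account show the group's idle timeout inherited while the group's role is overridden.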
