Configuration Prerequisites; Creating An Isp Domain; Configuring Isp Domain Attributes - HP FlexFabric 5700 Series Security Configuration Manual
Hide thumbs
Also See for FlexFabric 5700 Series:
- Configuration manual (185 pages) ,
- Configuration manual (125 pages) ,
- Configuration manual (63 pages)
Table of Contents
Advertisement
Configuration prerequisites
To use local authentication for users in an ISP domain, configure local user accounts on the device first.
See
"Configuring local user
To use remote authentication, authorization, and accounting, create the required RADIUS, HWTACACS,
or LDAP schemes. For more information about the scheme configuration, see
schemes,"
"Configuring HWTACACS
Creating an ISP domain
In a networking scenario with multiple ISPs, the device can connect to users of different ISPs. These users
can have different user attributes, such as different username and password structures, different service
types, and different rights. To manage users of different ISPs, configure ISP domains, and configure AAA
methods and domain attributes for each ISP domain as needed.
The device supports a maximum of 16 ISP domains, including the system-defined ISP domain system. You
can specify one of the ISP domains as the default domain. You can modify the settings of the ISP domain
system, but you cannot delete the domain.
On the device, each user belongs to an ISP domain. If a user does not provide an ISP domain name at
login, the device considers the user belongs to the default ISP domain.
An ISP domain cannot be deleted when it is the default ISP domain. Before you use the undo domain
command, change the domain to a non-default ISP domain by using the undo domain default enable
command.
To create an ISP domain:
Step
1.
Enter system view.
2.
Create an ISP domain and
enter ISP domain view.
3.
Return to system view.
4.
(Optional.) Specify the default
ISP domain.
Configuring ISP domain attributes
In an ISP domain, you can configure the following attributes:
Domain status—By placing the ISP domain in active or blocked state, you allow or deny network
•
service requests from users in the domain.
•
Default authorization user profile—When a user passes authentication, it typically obtains an
authorization user profile from the local or remote server. If the user does not obtain any user profile
from the server, the device authorizes the default user profile of the ISP domain to the user. The
device will restrict the user behavior based on the profile.
An ISP domain attribute applies to all users in the domain.
To configure ISP domain attributes:
attributes."
schemes," and
Command
system-view
domain isp-name
quit
domain default enable
isp-name
42
"Configuring LDAP
schemes."
Remarks
N/A
N/A
N/A
By default, the default ISP domain is the
system-defined ISP domain system.
"Configuring RADIUS
- Quick Links:
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
