Aaa Authorization - HP FlexNetwork MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
IKEv2 commands
aaa authorization
Use aaa authorization to enable IKEv2 AAA authorization.
Use undo aaa authorization to disable IKEv2 AAA authorization.
Syntax
aaa authorization domain domain-name username user-name
undo aaa authorization
Default
IKEv2 AAA authorization is disabled.
Views
IKEv2 profile view
Predefined user roles
network-admin
Parameters
domain domain-name: Specifies the ISP domain used for requesting authorization attributes. The
ISP domain name is a case-insensitive string of 1 to 255 characters and must meet the following
requirements:
•
The name cannot contain a forward slash (/), backslash (\), vertical bar (|), quotation mark ("),
colon (:), asterisk (*), question mark (?), left angle bracket (<), right angle bracket (>), or an at
sign (@).
•
The name cannot be d, de, def, defa, defau, defaul, default, i, if, if-, if-u, if-un, if-unk,
if-unkn, if-unkno, if-unknow, or if-unknown.
username user-name: Specifies the username used for requesting authorization attributes. The
username is a case-sensitive string of 1 to 55 characters and must meet the following requirements:
•
The username cannot contain the domain name.
•
The username cannot contain a forward slash (/), backslash (\), vertical bar (|), colon (:),
asterisk (*), question mark (?), left angle bracket (<), right angle bracket (>), or an at sign (@).
•
The username cannot be a, al, or all.
Usage guidelines
The AAA authorization feature enables IKEv2 to request authorization attributes, such as the IKEv2
IPv4 address pool, from AAA.
IKEv2 uses the ISP domain and username to request authorization attributes. AAA uses the
authorization settings in the ISP domain to request the user's authorization attributes from the
remote AAA server or the local user database. After IKEv2 passes the username authentication, it
obtains the authorization attributes.
This feature is applicable when AAA is used to centrally manage and deploy authorization attributes.
Examples
# Create an IKEv2 profile named profile1.
<Sysname> system-view
[Sysname] ikev2 profile profile1
# Enable AAA authorization. Specify the ISP domain name abc and the username test.
553
Advertisement
