Configuring Authentication Methods For An Isp Domain - HP FlexNetwork 10500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Configuration manual (512 pages) ,
- Specifications (42 pages) ,
- Datasheet (20 pages)
Table of Contents
Advertisement
whose total traffic in the idle timeout period is less than the specified minimum traffic. If no idle
cut attribute is available in the ISP domain, the idle cut feature of the server takes effect.
An ISP domain attribute applies to all users in the domain.
To configure ISP domain attributes:
Step
1.
Enter system view.
2.
Enter ISP domain view.
3.
Place the ISP domain in
active or blocked state.
4.
Configure authorization
attributes for authenticated
users in the ISP domain.
Configuring authentication methods for an ISP domain
Configuration prerequisites
Before configuring authentication methods, complete the following tasks:
1.
Determine the access type or service type to be configured. With AAA, you can configure an
authentication method for each access type and service type.
2.
Determine whether to configure the default authentication method for all access types or
service types. The default authentication method applies to all access users. However, the
method has a lower priority than the authentication method that is specified for an access type
or service type.
Configuration guidelines
When configuring authentication methods, follow these guidelines:
•
If the authentication method references a RADIUS scheme and the authorization method does
not reference a RADIUS scheme, AAA accepts only the authentication result from the RADIUS
server. The Access-Accept message from the RADIUS server also includes the authorization
information, but the device ignores the information.
•
If an HWTACACS scheme is specified, the device uses the entered username for role
authentication. If a RADIUS scheme is specified, the device uses the username $enabn$ on
the RADIUS server for role authentication. The variable n represents a user role level. For more
information about user role authentication, see Fundamentals Configuration Guide.
Configuration procedure
To configure authentication methods for an ISP domain:
Step
1.
Enter system view.
2.
Enter ISP domain view.
Command
system-view
domain isp-name
state { active | block }
authorization-attribute
{ idle-cut minute [ flow ] | ip-pool
ipv4-pool-name | ipv6-pool
ipv6-pool-name | user-profile
profile-name }
Command
system-view
domain isp-name
44
Remarks
N/A
N/A
By default, an ISP domain is in
active state, and users in the
domain can request network
services.
By default, the idle cut feature is
disabled.
The ip-pool, ipv6-pool, and
user-profile attributes are not
supported in the current software
version.
Remarks
N/A
N/A
Advertisement
Table of Contents
Troubleshooting
