Configuring Authorization Methods For An Isp Domain - HP FlexNetwork 10500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Configuration manual (512 pages) ,
- Specifications (42 pages) ,
- Datasheet (20 pages)
Table of Contents
Advertisement
Step
3.
Specify the default
authentication method for
all types of users.
4.
Specify the
authentication method for
LAN users.
5.
Specify the
authentication method for
login users.
6.
Specify the
authentication method for
portal users.
7.
Specify the
authentication method for
obtaining a temporary
user role.
Configuring authorization methods for an ISP domain
Configuration prerequisites
Before configuring authorization methods, complete the following tasks:
1.
Determine the access type or service type to be configured. With AAA, you can configure an
authorization scheme for each access type and service type.
2.
Determine whether to configure the default authorization method for all access types or service
types. The default authorization method applies to all access users. However, the method has a
lower priority than the authorization method that is specified for an access type or service type.
Configuration guidelines
When configuring authorization methods, follow these guidelines:
•
The device supports HWTACACS authorization but not LDAP authorization.
•
To use a RADIUS scheme as the authorization method, reference the same RADIUS scheme
that is configured as the authentication method for the ISP domain. If an invalid RADIUS
scheme is specified as the authorization method, RADIUS authentication and authorization fail.
Configuration procedure
To configure authorization methods for an ISP domain:
Command
authentication default { hwtacacs-scheme
hwtacacs-scheme-name [ radius-scheme
radius-scheme-name ] [ local ] [ none ] |
ldap-scheme ldap-scheme-name [ local ]
[ none ] | local [ none ] | none |
radius-scheme radius-scheme-name
[ hwtacacs-scheme
hwtacacs-scheme-name ] [ local ] [ none ] }
authentication lan-access { ldap-scheme
ldap-scheme-name [ local ] [ none ] | local
[ none ] | none | radius-scheme
radius-scheme-name [ local ] [ none ] }
authentication login { hwtacacs-scheme
hwtacacs-scheme-name [ radius-scheme
radius-scheme-name ] [ local ] [ none ] |
ldap-scheme ldap-scheme-name [ local ]
[ none ] | local [ none ] | none |
radius-scheme radius-scheme-name
[ hwtacacs-scheme
hwtacacs-scheme-name ] [ local ] [ none ] }
authentication portal { ldap-scheme
ldap-scheme-name [ local ] [ none ] | local
[ none ] | none | radius-scheme
radius-scheme-name [ local ] [ none ] }
authentication super { hwtacacs-scheme
hwtacacs-scheme-name | radius-scheme
radius-scheme-name } *
45
Remarks
By default, the default
authentication method is
local.
The none keyword is not
supported in FIPS mode.
By default, the default
authentication method is
used for LAN users.
The none keyword is not
supported in FIPS mode.
By default, the default
authentication method is
used for login users.
The none keyword is not
supported in FIPS mode.
By default, the default
authentication method is
used for portal users.
The none keyword is not
supported in FIPS mode.
By default, the default
authentication method is
used for obtaining a
temporary user role.
Advertisement
Table of Contents
Troubleshooting
