Configuring Aaa Authentication Methods For An Isp Domain - HP A5830 Series Configuration Manual

To do...
5. Configure the idle cut function.
6. Enable the self-service server
location function and specify
the URL of the self-service
server.
7. Specify the default
authorization user profile.
For more information about user profiles, see
A self-service RADIUS server, such as iMC, is required for the self-service server location function to
work.

Configuring AAA authentication methods for an ISP domain

In AAA, authentication, authorization, and accounting are separate processes. Authentication refers to
the interactive authentication process of username/password/user information during an access or
service request. The authentication process does not send authorization information to a supplicant or
trigger accounting.
AAA supports the following authentication methods:
No authentication (none)—All users are trusted and no authentication is performed. Generally, do
•
not use this method.
Local authentication (local)—Authentication is performed by the NAS, which is configured with the
•
user information, including the usernames, passwords, and attributes. Local authentication allows
high speed and low cost, but the amount of information that can be stored is limited by the
hardware.
Remote authentication (scheme)—The NAS cooperates with a RADIUS or HWTACACS server to
•
authenticate users. Remote authentication provides centralized information management, high
capacity, high reliability, and support for centralized authentication service for multiple NASs. You
can configure local or no authentication (none) as the backup method, which is used when the
remote server is not available. No authentication can only be configured for LAN users as the
backup method of remote authentication.
You can configure AAA authentication to work alone without authorization and accounting. By default,
an ISP domain uses the local authentication method.
Before you configure authentication methods, complete the following tasks:
For RADIUS or HWTACACS authentication, configure the RADIUS or HWTACACS scheme to be
•
referenced first. The local and none authentication methods do not require a scheme.
Determine the access type or service type to be configured. With AAA, you can configure an
•
authentication method for each access type and service type, limiting the authentication protocols
that can be used for access.
Determine whether to configure an authentication method for all access types or service types.
•
Use the command...
idle-cut enable minute [ flow ]
self-service-url enable url-string
authorization-attribute user-
profile profile-name
"Configuring local
38
Remarks
Optional.
Disabled by default.
This command is effective only for
LAN users.
Optional.
Disabled by default.
Optional.
By default, an ISP domain has no
default authorization user profile.
users."