Recommended Aaa Configuration Procedure - HP 1910 User Manual

Figure 355 Determining the ISP domain of a user by the username
The authentication, authorization, and accounting of a user depends on the AAA methods configured for
the domain that the user belongs to. If no specific AAA methods are configured for the domain, the
default methods are used. By default, a domain uses local authentication, local authorization, and local
accounting.
AAA allows you to manage users based on their access types:
LAN-access users—Users on a LAN who must pass, for example, 802.1X or MAC address
•
authentication to access the network.
• Login users—Users who want to log in to the switch, including SSH users, Telnet users, web users,
FTP users, and terminal users.
In addition, AAA provides command authorization for login users to enhance security. With this function
configured, the NAS has every single command entered by a login user verified by the authorization
server to restrict the user to execute only authorized commands.

Recommended AAA configuration procedure

Before configuring AAA, complete the following tasks:
To implement local authentication, configure local users on the access device as described in
•
"Configuring users and user groups."
To implement RADIUS authentication, create the RADIUS schemes to be used as described in
•
"Configuring RADIUS."
Step
1. Configuring an ISP domain
2. Configuring authentication
methods for the ISP domain
Remarks
(Optional.)
Create ISP domains and specify one of them as the default ISP
domain.
By default, there is an ISP domain named system, which is the default
ISP domain.
(Optional.)
Configure authentication methods for various types of users.
By default, all types of users use local authentication.
379