Configuring Authorization Methods For An Isp Domain - HP 6125XLG Configuration Manual
Blade switch security configuration guide
Hide thumbs
Also See for 6125XLG:
- Layer 3 - ip routing configuration manual (492 pages) ,
- Command reference manual (466 pages) ,
- Configuration manual (414 pages)
Table of Contents
Advertisement
Step
3.
Specify the default
authentication method for
all types of users.
4.
Specify the authentication
method for LAN users.
5.
Specify the authentication
method for login users.
6.
Specify the authentication
method for obtaining a
temporary user role.
Configuring authorization methods for an ISP domain
Configuration prerequisites
Before configuring authorization methods, complete the following tasks:
Determine the access type or service type to be configured. With AAA, you can configure an
1.
authorization scheme for each access type and service type.
2.
Determine whether to configure the default authorization method for all access types or service
types. The default authorization method applies to all access users, but it has a lower priority than
the authorization method that is specified for an access type or service type.
Configuration guidelines
When configuring authorization methods, follow these guidelines:
The device does not support LDAP authorization.
•
•
To configure RADIUS authorization, also configure RADIUS authentication, and reference the same
RADIUS scheme for RADIUS authentication and authorization. If the RADIUS authorization
configuration is invalid or RADIUS authorization fails, the RADIUS authentication also fails.
Configuration procedure
To configure authorization methods for an ISP domain:
Step
1.
Enter system view.
Command
authentication default { hwtacacs-scheme
hwtacacs-scheme-name [ radius-scheme
radius-scheme-name ] [ local ] [ none ] |
ldap-scheme ldap-scheme-name [ local ]
[ none ] | local [ none ] | none | radius-scheme
radius-scheme-name [ hwtacacs-scheme
hwtacacs-scheme-name ] [ local ] [ none ] }
authentication lan-access { local [ none ] | none
| radius-scheme radius-scheme-name [ local ]
[ none ] }
authentication login { hwtacacs-scheme
hwtacacs-scheme-name [ radius-scheme
radius-scheme-name ] [ local ] [ none ] |
ldap-scheme ldap-scheme-name [ local ]
[ none ] | local [ none ] | none | radius-scheme
radius-scheme-name [ hwtacacs-scheme
hwtacacs-scheme-name ] [ local ] [ none ] }
authentication super { hwtacacs-scheme
hwtacacs-scheme-name | radius-scheme
radius-scheme-name } *
Command
system-view
42
Remarks
By default, the default
authentication method is
local.
The none keyword is not
supported in FIPS mode.
By default, the default
authentication method is
used for LAN users.
The none keyword is not
supported in FIPS mode.
By default, the default
authentication method is
used for login users.
The none keyword is not
supported in FIPS mode.
By default, the default
authentication method is
used for obtaining a
temporary user role.
Remarks
N/A
Advertisement
Table of Contents
Troubleshooting
