HP 4800G Series Configuration Manual page 1186

1 AAA Configuration ····································································································································1-1
Introduction to AAA ·································································································································1-1
Introduction to RADIUS···························································································································1-2
Client/Server Model ·························································································································1-2
Security and Authentication Mechanisms ·······················································································1-3
Basic Message Exchange Process of RADIUS ··············································································1-3
RADIUS Packet Format···················································································································1-4
Extended RADIUS Attributes ··········································································································1-7
Introduction to HWTACACS····················································································································1-7
Differences Between HWTACACS and RADIUS············································································1-8
Basic Message Exchange Process of HWTACACS ·······································································1-8
Protocols and Standards·······················································································································1-10
AAA Configuration Task List ·················································································································1-10
AAA Configuration Task List ·········································································································1-11
RADIUS Configuration Task List ···································································································1-11
HWTACACS Configuration Task List ····························································································1-12
Configuring AAA····································································································································1-12
Configuration Prerequisites ···········································································································1-12
Creating an ISP Domain················································································································1-12
Configuring ISP Domain Attributes································································································1-13
Configuring AAA Authentication Methods for an ISP Domain·······················································1-14
Configuring AAA Authorization Methods for an ISP Domain ························································1-15
Configuring AAA Accounting Methods for an ISP Domain····························································1-17
Configuring Local User Attributes··································································································1-19
Configuring User Group Attributes ································································································1-20
Tearing down User Connections Forcibly ·····················································································1-21
Displaying and Maintaining AAA ···································································································1-21
Configuring RADIUS ·····························································································································1-22
Creating a RADIUS Scheme ·········································································································1-22
Specifying the RADIUS Authentication/Authorization Servers······················································1-23
Specifying the RADIUS Accounting Servers and Relevant Parameters·······································1-23
Setting the Shared Key for RADIUS Packets················································································1-24
Setting the Upper Limit of RADIUS Request Retransmission Attempts ·······································1-25
Setting the Supported RADIUS Server Type ················································································1-25
Setting the Status of RADIUS Servers ··························································································1-26
Configuring Attributes Related to Data to Be Sent to the RADIUS Server ···································1-27
Setting Timers Regarding RADIUS Servers··················································································1-28
Specifying a Security Policy Server·······························································································1-29
Enabling the Listening Port of the RADIUS Client ········································································1-30
Displaying and Maintaining RADIUS·····························································································1-30
Configuring HWTACACS ······················································································································1-30
Creating a HWTACACS scheme···································································································1-31
Specifying the HWTACACS Authentication Servers·····································································1-31
Table of Contents
i