R3303-HP HSR6800 Routers Security Configuration Guide

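| Task | Subtask | Remarks |
|---|---|---|
| schemes | Configuring RADIUS schemes | Complete at least one task. |
| schemes | Configuring HWTACACS schemes | Complete at least one task. |
| Configuring AAA methods for ISP domains | Creating an ISP domain | Required. |
| Configuring AAA methods for ISP domains | Configuring ISP domain attributes | Optional. |
| Configuring AAA methods for ISP domains | Configuring authentication methods for an ISP domain | Required. Complete at least one task. |
| Configuring AAA methods for ISP domains | Configuring authorization methods for an ISP domain | Required. Complete at least one task. |
| Configuring AAA methods for ISP domains | Configuring accounting methods for an ISP domain | Required. Complete at least one task. |
| Tearing down user connections | | Optional. |
| Configuring a NAS ID-VLAN binding | | Optional. |
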
NOTE:
To use AAA methods to control access of login users, you must configure the user interfaces to use AAA by using the authentication-mode command. For more information, see Fundamentals Configuration Guide.

Configuring AAA schemes
Configuring local users
To implement local AAA, you must create local users and configure user attributes on the device. The local users and attributes are stored in the local user database on the device. A local user is uniquely identified by a username. Configurable local user attributes are as follows:

- Service type. Services that the user can use. Local authentication checks the service types of a local user. If none of the service types is available, the user cannot pass authentication. Service types include DVPN, FTP, LAN access, portal, PPP, SSH, Telnet, and terminal.
- User state. Indicates whether or not a local user can request network services. There are two user states: active and blocked. A user in active state can request network services, but a user in blocked state cannot.
- Maximum number of users using the same local user account. Indicates how many users can use the same local user account for local authentication.
- Validity time and expiration time. Indicates the validity time and expiration time of a local user account. A user must use a valid local user account to pass local authentication. When some users need to access the network temporarily, you can create a guest account and specify a validity time and an expiration time for the account to control the validity of the account.
- User group. Each local user belongs to a local user group and bears all attributes of the group, such as the password control attributes and authorization attributes. For more information about local user groups, see "Configuring user group attributes."
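
A review of the local user attributes listed above can be scripted against a saved configuration. The following Python sketch is an added example, not part of the HP guide: it parses local-user blocks and lists active accounts that have no expiration time, have already expired, or have no limit on concurrent users. The sample configuration is constructed, and its keywords, date layout, and the defaults for omitted attributes (active state, no user limit) are assumptions.

```python
from datetime import datetime

FMT = "%Y/%m/%d-%H:%M:%S"  # assumed date layout used in the sample below

# Constructed sample; keywords and layout are assumed Comware-style syntax.
SAMPLE = """\
local-user admin
 service-type ssh terminal
 access-limit 2
local-user guest1
 service-type lan-access
 validity-date 2024/03/01-08:00:00
 expiration-date 2024/03/02-18:00:00
local-user contractor
 service-type ftp telnet
 state block
local-user guest2
 service-type portal
 expiration-date 2024/01/15-00:00:00
"""

def parse_local_users(text):
    """Return {username: {attribute: [values]}} from local-user blocks."""
    users, cur = {}, None
    for line in text.splitlines():
        if line.startswith("local-user "):
            cur = users.setdefault(line.split()[1], {})
        elif cur is not None and line.startswith(" ") and line.strip():
            key, *vals = line.split()
            cur[key] = vals
        else:
            cur = None  # any unindented line ends the current block
    return users

def review(users, now):
    """List (username, finding) pairs for accounts worth a second look."""
    findings = []
    for name, attrs in users.items():
        if attrs.get("state") == ["block"]:
            continue  # blocked users cannot request network services
        exp = attrs.get("expiration-date")
        if exp is None:
            findings.append((name, "active, no expiration time"))
        elif datetime.strptime(exp[0], FMT) <= now:
            findings.append((name, "active, already expired"))
        if "access-limit" not in attrs:  # assumed: omitted means unlimited
            findings.append((name, "no limit on concurrent users"))
    return findings

if __name__ == "__main__":
    for name, finding in review(parse_local_users(SAMPLE), datetime(2024, 3, 1, 12)):
        print(f"{name}: {finding}")
```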