R3303-HP HSR6800 Routers Security Configuration Guide

You can configure a default authentication method for an ISP domain. The default method will be
used for all users who support the authentication method and have no specific authentication
method configured.
You can configure local authentication (local) or no authentication (none) as the backup for remote
authentication that is used when the remote authentication server is unavailable.
Local authentication (local) and no authentication (none) cannot have a backup method.
If the method for level switching authentication references an HWTACACS scheme, by default the
device uses the login username of the user for level switching authentication. If the method for level
switching authentication references a RADIUS scheme, the system uses the username configured for
the corresponding privilege level on the RADIUS server for level switching authentication, rather
than the login username. A username configured on the RADIUS server is in the format $enablevel$,
where level specifies the privilege level that the user wants to enter. For example, if user user1 of
domain aaa wants to switch the privilege level to 3, the system uses $enab3@aaa$ for
authentication when the domain name is required and uses $enab3$ for authentication when the
domain name is not required.
Configuration procedure
To configure authentication methods for an ISP domain:
1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Enter ISP domain view.
   Command: domain isp-name
   Remarks: N/A

3. Specify the default authentication method for all types of users.
   Command: authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
   Remarks: Optional. The default authentication method is local for all types of users.

4. Specify the authentication method for DVPN users.
   Command: authentication dvpn { local | none | radius-scheme radius-scheme-name [ local ] }
   Remarks: Optional. The default authentication method is used by default.

5. Specify the authentication method for LAN users.
   Command: authentication lan-access { local | none | radius-scheme radius-scheme-name [ local | none ] }
   Remarks: Optional. The default authentication method is used by default. This command is supported only on SAP interface modules that are operating in Layer 2 mode.

6. Specify the authentication method for login users.
   Command: authentication login { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
   Remarks: Optional. The default authentication method is used by default.

7. Specify the authentication method for portal users.
   Command: authentication portal { local | none | radius-scheme radius-scheme-name [ local ] }
   Remarks: Optional. The default authentication method is used by default.

8. Specify the authentication method for PPP users.
   Command: authentication ppp { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
   Remarks: Optional. The default authentication method is used by default.
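
The following Python sketch is an added example, not part of the HP guide. It reviews ISP domain authentication lines for the cases described above: a method of none, a remote scheme backed up by none, and a remote scheme with no backup. The domain names, scheme names (rad1, tac1), the indented configuration layout and the finding texts are assumptions constructed for the example.

```python
import re

# Constructed sample configuration; domain and scheme names are made up.
SAMPLE_CONFIG = """\
domain aaa
 authentication default radius-scheme rad1 local
 authentication login hwtacacs-scheme tac1
 authentication lan-access radius-scheme rad1 none
 authentication portal none
domain bbb
 authentication ppp local
"""

DOMAIN_RE = re.compile(r"^\s*domain\s+(\S+)\s*$")
# Matches the "authentication <user-type> ..." forms listed in the procedure.
AUTH_RE = re.compile(
    r"^\s*authentication\s+(?P<user>default|dvpn|lan-access|login|portal|ppp)\s+"
    r"(?:(?P<kind>hwtacacs-scheme|radius-scheme)\s+(?P<scheme>\S+)"
    r"(?:\s+(?P<backup>local|none))?|(?P<direct>local|none))\s*$")

def audit(config):
    """Return (domain, user_type, finding) tuples for methods worth reviewing."""
    findings, domain = [], None
    for line in config.splitlines():
        m = DOMAIN_RE.match(line)
        if m:
            domain = m.group(1)  # subsequent lines belong to this ISP domain
            continue
        m = AUTH_RE.match(line)
        if not m or domain is None:
            continue
        user = m.group("user")
        if m.group("direct") == "none":
            # Users of this type are admitted without any authentication.
            findings.append((domain, user, "no authentication"))
        elif m.group("kind") and m.group("backup") == "none":
            # Remote scheme with "none" as backup: access is open during an outage.
            findings.append((domain, user, "fails open when server is unavailable"))
        elif m.group("kind") and m.group("backup") is None:
            # Remote scheme only: no fallback if the server cannot be reached.
            findings.append((domain, user, "no backup when server is unavailable"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```
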