R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101
• Determine the access type or service type to be configured. With AAA, you can configure an
authentication method for each access type and service type, limiting the authentication protocols
that can be used for access.
• Determine whether to configure an authentication method for all access types or service types.
Follow these steps to configure AAA authentication methods for an ISP domain:
To do…: Enter system view
Use the command…: system-view
Remarks: —

To do…: Enter ISP domain view
Use the command…: domain isp-name
Remarks: —

To do…: Specify the default authentication method for all types of users
Use the command…: authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
Remarks: Optional. local by default.

To do…: Specify the authentication method for login users
Use the command…: authentication login { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
Remarks: Optional. The default authentication method is used by default.

To do…: Specify the authentication method for portal users
Use the command…: authentication portal { local | none | radius-scheme radius-scheme-name [ local ] }
Remarks: Optional. The default authentication method is used by default.

To do…: Specify the authentication method for PPP users
Use the command…: authentication ppp { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
Remarks: Optional. The default authentication method is used by default.

NOTE:
• The authentication method specified with the authentication default command is for all types of users
and has a priority lower than that for a specific access type.
• With an authentication method that references a RADIUS scheme, AAA accepts only the authentication
result from the RADIUS server. The Access-Accept message from the RADIUS server also carries the
authorization information, but the authentication process ignores the information.
• If you specify the radius-scheme radius-scheme-name local or hwtacacs-scheme hwtacacs-scheme-name
local keyword and argument combination when configuring an authentication method, local
authentication is the backup method and is used only when the remote server is not available.
• If you specify only the local or none keyword in an authentication method configuration command, the
device has no backup authentication method and performs only local authentication or does not
perform any authentication.
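
The precedence and backup rules in the notes above can be checked mechanically. The following is an added example, not part of the original guide: it resolves the effective authentication method per access type for one ISP domain and reports methods that perform no authentication or have no local backup. The sample domain, the scheme names rs1 and hw1, and the layout of the saved configuration text are assumptions.

```python
import re

ACCESS_TYPES = ("login", "portal", "ppp")   # access types from the table above
REMOTE = ("radius-scheme", "hwtacacs-scheme")
LINE = re.compile(r"^\s*authentication\s+(default|login|portal|ppp)\s+(\S.*?)\s*$")

# Constructed sample of one ISP domain; domain and scheme names are made up.
SAMPLE = """\
domain example
 authentication default radius-scheme rs1 local
 authentication login none
 authentication ppp hwtacacs-scheme hw1
"""

def parse_methods(config):
    """Map each configured type (default/login/portal/ppp) to its method tokens."""
    methods = {}
    for line in config.splitlines():
        m = LINE.match(line)
        if m:
            methods[m.group(1)] = m.group(2).split()
    return methods

def effective(methods, access_type):
    """Type-specific method wins over 'authentication default'; unset default is local."""
    return methods.get(access_type) or methods.get("default") or ["local"]

def audit(config):
    """Return {access_type: (effective method, [findings])}."""
    methods = parse_methods(config)
    report = {}
    for access_type in ACCESS_TYPES:
        tokens = effective(methods, access_type)
        findings = []
        if tokens[0] == "none":
            findings.append("no authentication is performed")
        elif tokens[0] in REMOTE and len(tokens) < 3:
            # scheme name only, no trailing 'local' keyword
            findings.append("no local backup if the remote server is unavailable")
        report[access_type] = (" ".join(tokens), findings)
    return report

if __name__ == "__main__":
    for access_type, (method, findings) in audit(SAMPLE).items():
        print(f"{access_type:7} {method:32} {'; '.join(findings) or 'ok'}")
```

In the sample, portal users inherit the default method because no portal-specific line exists, while the login line overrides the default with none.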
Configuring AAA authorization methods for an ISP domain
In AAA, authorization is a separate process at the same level as authentication and accounting. Its
responsibility is to send authorization requests to the specified authorization servers and to send
authorization information to users after successful authorization. Authorization method configuration is
optional in AAA configuration.
AAA supports the following authorization methods: