R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
Configuring AAA
Configuration prerequisites
For remote authentication, authorization, or accounting, you must create the RADIUS schemes first. For
RADIUS scheme configuration, see “Configuring RADIUS.”
Creating an ISP domain
In a networking scenario with multiple ISPs, the LB module may connect users of different ISPs, and users
of different ISPs may have different user attributes, such as different username and password structures,
different service types, and different rights. To distinguish the users of different ISPs, configure ISP
domains, and configure different AAA methods and domain attributes for the ISP domains.
The LB module can accommodate up to 16 ISP domains, including the system-predefined ISP domain named
system. You can specify one of the ISP domains as the default domain.
On the LB module, each user belongs to an ISP domain. If a user provides no ISP domain name at login,
the LB module treats the user as belonging to the default ISP domain.
Follow these steps to create an ISP domain:
To do… | Use the command… | Remarks
--- | --- | ---
Enter system view | system-view | —
Create an ISP domain and enter ISP domain view | domain isp-name | Required
Return to system view | quit | —
Specify the default ISP domain | domain default enable isp-name | Optional. By default, the system has a default ISP domain named system.
NOTE:
To delete the ISP domain that is functioning as the default ISP domain, you must change it to a non-default
ISP domain by using the undo domain default enable command.
Configuring ISP domain attributes
In an ISP domain, you can configure the following attributes for all users in the domain:
• Domain status. By placing the ISP domain in the active or blocked state, you allow or deny network
service requests from users in the domain.
• Maximum number of online users. The LB module controls the number of online users in a domain
to ensure system performance and service reliability.
• Idle cut. This function enables the LB module to check the traffic of each online user in the domain
at the idle timeout interval, and to log out any user in the domain whose traffic during the idle
timeout period is less than the specified minimum traffic.
• Self-service server location. By using the information defined in this attribute, users can access the
self-service server to manage their own accounts and passwords.
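
The domain rules described in "Creating an ISP domain" and the domain status attribute above can be checked against a planned configuration with a small model. This is an added example, not HP code. It assumes that logins carry the domain as userid@isp-name, that new domains start in the active state, that undoing the default falls back to system, that the predefined domain cannot be deleted, and that a login naming an unconfigured domain is refused. The class and method names are hypothetical.

```python
# Added illustration of the ISP-domain rules in this section; not vendor code.
MAX_DOMAINS = 16        # limit from the guide; includes the predefined domain
PREDEFINED = "system"   # predefined ISP domain, the default out of the box


class DomainTable:
    def __init__(self):
        self.state = {PREDEFINED: "active"}   # name -> "active" or "blocked"
        self.default = PREDEFINED

    def create(self, name):                   # models: domain isp-name
        if name not in self.state and len(self.state) >= MAX_DOMAINS:
            raise ValueError("ISP domain limit reached")
        self.state.setdefault(name, "active")  # assumption: starts active

    def set_default(self, name):              # models: domain default enable isp-name
        if name not in self.state:
            raise KeyError(name)
        self.default = name

    def undo_default(self):                   # models: undo domain default enable
        self.default = PREDEFINED             # assumption: reverts to "system"

    def delete(self, name):
        if name == self.default:
            raise ValueError("change the default ISP domain before deleting it")
        if name == PREDEFINED:                # assumption: predefined domain stays
            raise ValueError("predefined domain cannot be deleted")
        del self.state[name]

    def resolve(self, login):
        """Return (userid, domain, allowed) for a login string."""
        userid, sep, name = login.rpartition("@")
        if not sep:                           # no domain given: use the default
            userid, name = login, self.default
        # Assumption: a login naming an unconfigured domain is refused.
        return userid, name, self.state.get(name) == "active"


if __name__ == "__main__":
    table = DomainTable()
    table.create("isp-a")                     # constructed domain name
    table.set_default("isp-a")
    table.state["isp-a"] = "blocked"          # domain status attribute
    for login in ("bob", "alice@system", "carol@isp-x"):   # constructed logins
        print(login, "->", table.resolve(login))
```

Blocking the default domain, as the demo does, denies every login that omits a domain name, so check the default before changing a domain's status.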