R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101

AAA configuration task list
RADIUS configuration task list
Configuring AAA
Configuration prerequisites
Creating an ISP domain
Configuring ISP domain attributes
Configuring AAA authentication methods for an ISP domain
Configuring AAA authorization methods for an ISP domain
Configuring AAA accounting methods for an ISP domain
Configuring local user attributes
Configuring user group attributes
Tearing down user connections
Configuring a NAS ID-VLAN binding
Displaying and maintaining AAA
Configuring RADIUS
Creating a RADIUS scheme
Specifying the RADIUS authentication/authorization servers
Specifying the RADIUS accounting servers and relevant parameters
Setting the shared key for RADIUS packets
Setting the maximum number of RADIUS request transmission attempts
Setting the supported RADIUS server type
Setting the status of RADIUS servers
Configuring the username format and traffic statistics units
Enabling the RADIUS trap function
Specifying the source IP address for outgoing RADIUS packets
Setting timers for controlling communication with RADIUS servers
Configuring RADIUS accounting-on
Specifying a security policy server
Enabling the listening port of the RADIUS client
Configuring interpretation of RADIUS class attribute as CAR parameters
Displaying and maintaining RADIUS
AAA configuration examples
AAA for Telnet/SSH users by a RADIUS server
AAA for FTP/Telnet users by the LB module itself
Level switching authentication for Telnet users by a RADIUS server
Troubleshooting AAA
Troubleshooting RADIUS
RADIUS attributes
Commonly used standard RADIUS attributes
Proprietary RADIUS sub-attributes of HP
Session management
Session management overview
Session management principle
Session management implementation
Session management configuration task list
Setting session aging times based on protocol state
Configuring session aging times based on application layer protocol type
Enabling checksum verification
Specifying the persistent session ACL
Clearing sessions manually
Configuring session logging
Configuring session log export
Displaying and maintaining session management