Manualshelf

R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
161162163164165166167168169170
158
6. After receiving the username from the user, the HWTACACS client sends the server a
continue-authentication packet that carries the username.
7. The HWTACACS server sends back an authentication response, requesting the login password.
8. Upon receipt of the response, the HWTACACS client asks the user for the login password.
9. The user enters the password.
10. After receiving the login password, the HWTACACS client sends the HWTACACS server a
continue-authentication packet that carries the login password.
11. The HWTACACS server sends back an authentication response to indicate that the user has
passed authentication.
12. The HWTACACS client sends the user authorization request packet to the HWTACACS server.
13. The HWTACACS server sends back the authorization response, indicating that the user is now
authorized.
14. Knowing that the user is now authorized, the HWTACACS client pushes its configuration interface
to the user.
15. The HWTACACS client sends a start-accounting request to the HWTACACS server.
16. The HWTACACS server sends back an accounting response, indicating that it has received the
start-accounting request.
17. The user logs off.
18. The HWTACACS client sends a stop-accounting request to the HWTACACS server.
19. The HWTACACS server sends back a stop-accounting response, indicating that the
stop-accounting request has been received.
Domain-based user management
A NAS manages users based on Internet service provider (ISP) domains. On a NAS, each user belongs
to one ISP domain. A NAS determines the ISP domain a user belongs to by the username entered by the
user at login, as shown in Figure 135.
Figure 135 Det
ermining the ISP domain of a user by the username
The authentication, authorization, and accounting process of a user depends on the AAA methods
configured for the domain to which the user belongs. If no specific AAA methods are configured for the
domain, the default methods are used. By default, a domain uses local authentication, local
authorization, and local accounting.
AAA allows you to manage users based on their access types: