R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

Configuring AAA ···················································································································································· 150

Feature and hardware compatibility ·························································································································· 150

AAA overview ······························································································································································ 150

RADIUS ································································································································································· 151

HWTACACS ························································································································································ 156

Domain-based user management ······················································································································ 158

AAA across VPNs ··············································································································································· 159

Protocols and standards ····································································································································· 160

RADIUS attributes ················································································································································ 160

AAA configuration considerations and task list ········································································································ 163

Configuring AAA schemes ·········································································································································· 164

Configuring local users ······································································································································· 164

Configuring RADIUS schemes in the web interface ························································································· 169

RADIUS configuration example in the web interface ······················································································ 176

Configure RADIUS schemes at the CLI ·············································································································· 181

RADIUS scheme configuration guidelines ········································································································· 192

Configuring HWTACACS schemes in the web interface ················································································ 193

HWTACACS configuration example in the web interface ············································································· 197

Configuring HWTACACS schemes at the CLI ·································································································· 200

HWTACACS scheme configuration guidelines ································································································ 207

Configuring AAA methods for ISP domains ·············································································································· 207

Configuration prerequisites ································································································································ 207

Creating an ISP domain ····································································································································· 208

Configuring ISP domain attributes ····················································································································· 208

Configuring AAA authentication methods for an ISP domain ········································································ 209

Configuring AAA authorization methods for an ISP domain ········································································· 211

Configuring AAA accounting methods for an ISP domain ············································································· 212

Forcibly tearing down user connections ···················································································································· 214

Configuring a NAS ID-VLAN binding ························································································································ 214

Displaying and maintaining AAA ······························································································································ 215

AAA configuration examples ······································································································································ 215

Authentication and authorization for Telnet and SSH users by a RADIUS server ········································ 215

Local authentication and authorization for Telnet and FTP users ··································································· 220

Level switching authentication for Telnet users by a RADIUS server ······························································ 222

AAA for portal users by a RADIUS server ········································································································ 226

Troubleshooting AAA ·················································································································································· 233

Troubleshooting RADIUS ····································································································································· 233

Troubleshooting HWTACACS ···························································································································· 235

Configuring password control ································································································································ 236

Password control overview ········································································································································· 236

Password control configuration task list ····················································································································· 238

Enabling password control ································································································································· 239

Setting global password control parameters ···································································································· 240

Setting user group password control parameters ···························································································· 241

Setting local user password control parameters ······························································································ 241

Setting super password control parameters ····································································································· 242

Setting a local user password in interactive mode ·························································································· 243

Displaying and maintaining password control ········································································································· 243

Password control configuration example ·················································································································· 244

Configuring FIPS······················································································································································ 247