R211x-HP Flexfabric 11900 Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products

Ste

Command

Remarks

3. Return to system view.

quit N/A

4. (Optional.) Specify the default

ISP domain.

domain default enable

isp-name

By default, the default ISP domain is the

system-defined ISP domain system.

Configuring ISP domain attributes

In an ISP domain, you can configure the following attributes:

• Domain status—By placing the ISP domain in active or blocked state, you allow or deny network

service requests from users in the domain.

• Authorization attributes—The device assigns the idle-cut authorization attributes configured in the

ISP domain to the authenticated users. If no authorization attribute is available in the ISP domain,

the server assigns authorization attributes to the authenticated users.

An ISP domain attribute applies to all users in the domain.

To configure ISP domain attributes:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter ISP domain view.

domain isp-name N/A

3. Place the ISP domain in active

or blocked state.

state { active | block }

By default, an ISP domain is in

active state, and users in the

domain can request network

services.

4. Configure authorization

attributes for authenticated

users in the ISP domain.

authorization-attribute idle-cut

minute [ flow ]

By default, the authorization

attributes are not configured and

the idle cut function is disabled.

Configuring authentication methods for an ISP domain

Configuration prerequisites

Before configuring authentication methods, complete the following tasks:

1. Determine the access type or service type to be configured. With AAA, you can configure an

authentication method for each access type and service type.

2. Determine whether to configure the default authentication method for all access types or service

types. The default authentication method applies to all access users, but it has a lower priority than

the authentication method that is specified for an access type or service type.

Configuration guidelines

When configuring authentication methods, follow these guidelines:

• If you configure an authentication method that references a RADIUS scheme and an authorization

method that does not reference a RADIUS scheme, AAA accepts only the authentication result from

the RADIUS server. The Access-Accept message from the RADIUS server also includes the

authorization information, but the device ignores the information.