Manualshelf

HP MSR2000/3000/4000 Router Series Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router
21222324252627282930
16
Tasks at a
g
lance
(Required.) Perform at least one of the following tasks to configure local users or AAA schemes:
Configuring local users
Configuring RADIUS schemes
Configuring HWTACACS schemes
(Required.) Configure AAA methods for ISP domains:
1. (Required.) Creating an ISP domain
2. (Opti
onal.) Configuring ISP domain attributes
3. (Required.) Perform at least one of the following tasks to configure AAA authentication, authorization, and
accounting methods for the ISP domain:
{ Configuring authentication methods for an ISP domain
{ Configuring authorization methods for an ISP domain
{ Configuring accounting methods for an ISP domain
(Optional.) Enabling the session-control feature
(Optional.) Setting the maximum number of concurrent login users
Configuring AAA schemes
This section includes information on configuring local users, RADIUS schemes, and HWTACACS
schemes.
Configuring local users
To implement local authentication, authorization, and accounting, create local users and configure user
attributes on the device. The local users and attributes are stored in the local user database on the device.
A local user is uniquely identified by the combination of a username and a user type. Local users are
classified into the following types:
Device management user—User who logs in to the device for device management.
Network access user—User who accesses network resources through the device.
Configurable local user attributes are:
Service type—Services that the user can use. Local authentication checks the service types of a local
user. If none of the service types is available, the user cannot pass authentication.
Service types include FTP, LAN access, portal, PPP, SSH, Telnet, and terminal.
User state—Whether or not a local user can request network services. There are two user states:
active and blocked. A user in active state can request network services, but a user in blocked state
cannot.
Upper limit of concurrent logins using the same user name—Maximum number of users who can
concurrently access the device by using the same user name. When the number of local users using
the same user name reaches the upper limit, no more local users can access the device by using that
user name.
User group—Each local user belongs to a local user group and has all attributes of the group, such
as the password control attributes and authorization attributes. For more information about local
user group, see "Configuring user group attributes."