3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

Configuring AAA 35
Perform the following configuration in ISP domain view.
By default, no address pool is configured.
The following are the principles of IP address allocation to PPP users in AAA:
1 For a domain user with a name either in the form of userid or userid@isp-name, the address is allocated as follows:
  - If RADIUS or TACACS authentication/authorization applies, the address that the server has issued to the user is allocated, if there is any.
  - If the server issues an address pool instead of an address, the device searches the address pool in domain view for an address.
  - In case no address can be allocated with the above two methods or local authentication is used, the device assigns the address configured on the interface to the user.
  - If the remote address ip-address command is issued on the interface and the specified address is not in use, the device assigns the address to the user.
  - If the remote address pool command is issued on the interface, the device searches for the address in the specified address pool in domain view and assigns the address to the user.
  - If the remote address command is not issued on the interface, the device searches for the address in all the address pools in domain view and assigns the address to the user.
2 For a user that is not to be authenticated, the device allocates an address using the specified address pool (defined in system view) on the interface.
Note: For a user that is to be authenticated and is not assigned any address with the remote address ip-address command, you can still change how a PPP user is assigned an address.
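The order of preference described above can be modelled in a few lines, which helps when predicting which address a PPP user will receive (for example, when writing address-based ACLs). This is an added example, not code from the guide or the device: the function names, the dictionary layout for users and interfaces, the sample addresses, and the choices marked as assumptions in the comments are all hypothetical.

```python
from ipaddress import IPv4Address

def pool(low, high=None):
    """Addresses covered by 'ip pool pool-number low-ip-address [high-ip-address]'."""
    lo, hi = int(IPv4Address(low)), int(IPv4Address(high or low))
    return [str(IPv4Address(i)) for i in range(lo, hi + 1)]

def first_free(pools, in_use):
    """First address not in use, searching the given pools in order."""
    return next((a for p in pools for a in p if a not in in_use), None)

def allocate(user, iface, domain_pools, system_pools, in_use):
    """Pick a PPP user's address in the order of preference the guide lists.

    user:  {"authenticated": bool, "scheme": "radius"|"tacacs"|"local",
            "server_ip": str|None, "server_pool": int|None}   (hypothetical model)
    iface: {"remote_ip": str|None, "remote_pool": int|None}   ('remote address ...')
    """
    if not user["authenticated"]:
        # Rule 2: pool defined in system view and specified on the interface.
        return first_free([system_pools.get(iface.get("remote_pool"), [])], in_use)
    if user["scheme"] in ("radius", "tacacs"):
        if user.get("server_ip"):                # server issued an address
            return user["server_ip"]
        if user.get("server_pool") is not None:  # server issued a pool instead
            addr = first_free([domain_pools.get(user["server_pool"], [])], in_use)
            if addr:
                return addr
    # Nothing usable from the server, or local authentication: interface settings.
    if iface.get("remote_ip"):
        # Assumption: the guide does not say what happens when this address is
        # already in use; this model returns None.
        return iface["remote_ip"] if iface["remote_ip"] not in in_use else None
    if iface.get("remote_pool") is not None:
        return first_free([domain_pools.get(iface["remote_pool"], [])], in_use)
    # No 'remote address' on the interface: search all domain pools
    # (ascending pool-number order is an assumption).
    return first_free([domain_pools[n] for n in sorted(domain_pools)], in_use)

if __name__ == "__main__":
    # Constructed sample data (documentation address ranges).
    domain = {1: pool("192.0.2.10", "192.0.2.12"), 2: pool("198.51.100.5")}
    radius_user = {"authenticated": True, "scheme": "radius",
                   "server_ip": None, "server_pool": 2}
    # Server-named pool 2 is exhausted, so the interface's pool 1 is used.
    print(allocate(radius_user, {"remote_pool": 1}, domain, {}, {"198.51.100.5"}))
```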
Creating a Local User and Setting the Related Attributes
Create a local user and configure the related attributes on the security gateway if
you select the local authentication scheme in AAA.
Note: If you use a radius-scheme or hwtacacs-scheme to authenticate users, you must appropriately configure the RADIUS or TACACS server. The local configuration in this case does not take effect.
Creating a local user
A local user is a group of users set on the NAS (a security gateway). The username is the unique identifier of a user. A user requesting network service can pass local authentication as long as its information has been added to the local user database of the NAS.
Table 19 Define an IP address pool for PPP domain users

Operation                                                          Command
Define an IP address pool for allocating addresses to PPP users.   ip pool pool-number low-ip-address [ high-ip-address ]
Delete the specified address pool.                                 undo ip pool pool-number