3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
32 CHAPTER 4: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION
Perform the following configuration in ISP domain view.
The default AAA scheme is local.
CAUTION:
■ An FTP user login cannot be authenticated in none mode because an FTP server
implemented with Comware does not support anonymous login.
■ If the scheme none command is used, the priority level of a user logged into
the system is level 0.
2 AAA separate mode
In this mode, you can use the authentication, authorization or accounting
command to select schemes for the three tasks respectively. For example, you can
specify the RADIUS scheme for authentication and authorization, and the
HWTACACS scheme for optional accounting, so as to provide users with flexibility
in scheme combination. Implementations of AAA services in this mode are listed
below.
■ For terminal users
Use RADIUS, HWTACACS, local, RADIUS-local, HWTACACS-local or none for
authentication;
Use HWTACACS or none for authorization;
Use RADIUS, HWTACACS or none for accounting.
You can customize an AAA scheme combination according to the above
implementations.
■ For FTP users
Only authentication can be applied on FTP users.
Use RADIUS, HWTACACS, local, RADIUS-local or HWTACACS-local for
authentication.
■ For PPP and L2TP users
Use RADIUS, HWTACACS, local, RADIUS-local, HWTACACS-local or none for
authentication.
Use HWTACACS or none for authorization.
Use RADIUS, HWTACACS or none for accounting.
Table 14 Configure the related attributes of the ISP domain

Operation                                 Command
Configure an AAA scheme for the domain.   scheme { radius-scheme radius-scheme-name [ local ] | hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none }
Restore the default AAA scheme.           undo scheme [ radius-scheme | hwtacacs-scheme | none ]
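
The per-user-type lists and the scheme none CAUTION above can be checked mechanically before a domain configuration is applied. The following Python check is an added example, not part of the 3Com guide; it flags scheme choices the lists above do not include. It assumes the authentication, authorization and accounting commands take the same arguments as the scheme command in Table 14; the scheme names rad1 and tac1 and the sample lines are constructed.

```python
# Added example, not from the 3Com guide. Assumes authentication/authorization/
# accounting take the same arguments as the scheme command in Table 14.
AUTHN = {"radius", "hwtacacs", "local", "radius-local", "hwtacacs-local", "none"}
FULL = {"authentication": AUTHN,
        "authorization": {"hwtacacs", "none"},
        "accounting": {"radius", "hwtacacs", "none"}}
# Methods the guide lists per user type in AAA separate mode.
ALLOWED = {"terminal": FULL, "ppp": FULL, "l2tp": FULL,
           "ftp": {"authentication": AUTHN - {"none"}}}  # FTP: authentication only


def parse_line(line):
    """Map one domain-view line to (task, method), e.g. ('scheme', 'radius-local')."""
    tok = line.split()
    if len(tok) < 2 or tok[0] not in ("scheme", *FULL):
        raise ValueError(f"unrecognised line: {line!r}")
    task, kind = tok[0], tok[1]
    if kind in ("local", "none") and len(tok) == 2:
        return task, kind
    if kind in ("radius-scheme", "hwtacacs-scheme") and len(tok) >= 3:
        suffix = tok[3:]  # optional trailing "local" fallback keyword
        if suffix in ([], ["local"]):
            return task, kind.split("-")[0] + ("-local" if suffix else "")
    raise ValueError(f"unrecognised line: {line!r}")


def audit(lines, user_type):
    """Return findings for one user type: terminal, ftp, ppp or l2tp."""
    findings = []
    for line in lines:
        task, method = parse_line(line)
        if task == "scheme":  # combined mode: one scheme covers all three tasks
            if method == "none":
                findings.append("scheme none: user priority level is 0")
                if user_type == "ftp":
                    findings.append("scheme none: FTP login cannot be authenticated")
            continue
        allowed = ALLOWED[user_type].get(task)
        if allowed is None:
            findings.append(f"{task}: not applied to {user_type} users")
        elif method not in allowed:
            findings.append(f"{task} {method}: not listed for {user_type} users")
    return findings


SAMPLE = [  # constructed domain-view lines; rad1 and tac1 are made-up scheme names
    "authentication radius-scheme rad1 local",
    "authorization radius-scheme rad1",
    "accounting hwtacacs-scheme tac1",
]
```

Run audit once per user type that logs in through the domain, since the same lines can be acceptable for terminal users and not for FTP users.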