3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
Configuring AAA
You can customize an AAA scheme combination according to the above
implementations.
■ For DVPN services
At present, only RADIUS, local and RADIUS-local support authentication and
authorization, and only RADIUS supports accounting.
Perform the following configuration in ISP domain view.
1 If separate AAA schemes are configured as well as the binding AAA scheme, the
  former ones are used.
2 The RADIUS and local schemes do not support separated authentication and
  authorization. Therefore, the following should be noted:
  ■ When the scheme radius-scheme or scheme local command is configured,
    and the authentication command is not configured:
    - If authorization none is configured, the authorization data returned by the
      RADIUS or local scheme is still valid;
    - If authorization hwtacacs is configured, the HWTACACS scheme is used for
      authorization.
  ■ If the scheme radius-scheme or scheme local command is configured as well
    as the authentication hwtacacs-scheme command, the HWTACACS scheme
    is used for authentication and no authorization is performed.
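An added example, not part of the 3Com guide: a small Python check that applies notes 1 and 2 above to the AAA lines of one ISP domain stanza and reports which scheme ends up authenticating and authorizing. The stanza text, the scheme names rad1 and tac1, and the function names are assumptions made for illustration; combinations the notes do not describe are reported as unspecified.

```python
AAA_KEYS = ("scheme", "authentication", "authorization", "accounting")

def parse_domain(text):
    """Map each AAA keyword in one ISP domain stanza to its arguments."""
    cfg = {}
    for line in text.splitlines():
        words = line.split()
        if words and words[0] in AAA_KEYS:
            cfg[words[0]] = words[1:]
    return cfg

def kind(args):
    """First argument of a command (radius-scheme, local, ...), or None."""
    return args[0] if args else None

def resolve(cfg):
    """Return (authentication, authorization, findings) per notes 1 and 2."""
    binding, authn, authz = (cfg.get(k) for k in AAA_KEYS[:3])
    findings = []
    # Note 1: a separately configured scheme is used instead of the binding one.
    eff_authn = kind(authn) or kind(binding)
    combined = kind(binding) in ("radius-scheme", "local")
    if combined and authn is None:
        if kind(authz) == "hwtacacs-scheme":
            eff_authz = "hwtacacs-scheme"      # note 2, first case, second item
        else:
            eff_authz = kind(binding)          # data returned by RADIUS/local applies
            if kind(authz) == "none":
                findings.append("authorization none has no effect: "
                                "RADIUS/local authorization data is still valid")
    elif combined and kind(authn) == "hwtacacs-scheme" and authz is None:
        eff_authz = None                       # note 2, second case
        findings.append("HWTACACS authenticates, no authorization is performed")
    else:
        eff_authz = "unspecified"              # combination the notes do not describe
    return eff_authn, eff_authz, findings

# Constructed sample stanzas (scheme names rad1/tac1 are placeholders).
SAMPLES = {
    "a": "scheme radius-scheme rad1\nauthorization none\n",
    "b": "scheme local\nauthentication hwtacacs-scheme tac1\n",
    "c": "scheme radius-scheme rad1\nauthorization hwtacacs-scheme tac1\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, resolve(parse_domain(text)))
```

Stanza "b" is the case worth reviewing in an audit: users in that domain are authenticated but receive no authorization step.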
Configuring the ISP domain state
Every ISP domain is in either the active or the block state. If an ISP domain is in
the active state, the users in it can request network service. In the block state, its
users cannot request any network service, but users already online are not
affected. An ISP domain is in the active state when it is first created, so users in
the domain are allowed to request network service.
Perform the following configuration in ISP domain view.
Table 15 Configure the related ISP domain attributes

Operation: Configure an authentication scheme for the domain.
Command:   authentication { radius-scheme radius-scheme-name [ local ] | hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none }

Operation: Restore the default authentication scheme for the domain.
Command:   undo authentication

Operation: Configure an authorization scheme for the domain.
Command:   authorization { hwtacacs-scheme hwtacacs-scheme-name | none }

Operation: Restore the default authorization scheme for the domain.
Command:   undo authorization

Operation: Configure an accounting scheme for the domain.
Command:   accounting { radius-scheme radius-scheme-name | hwtacacs-scheme hwtacacs-scheme-name | none }

Operation: Restore the default accounting scheme for the domain.
Command:   undo accounting