3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

Configuring AAA
- Define an address pool in system view and assign it (only one is allowed) to
  the interface in the view of this interface for assigning addresses to the
  connected ends.
- Define address pools in domain view and directly allocate the addresses from
  the pools to the login domain PPP users.
Perform the following configuration in ISP domain view.
By default, no address pool is configured.
The following are the principles of IP address allocation to PPP users in AAA:
1 For a domain user with a name either in the form of userid or userid@isp-name,
  the address is allocated as follows:
  - If RADIUS or TACACS authentication/authorization applies, the address that
    the server has issued to the user is allocated, if there is any.
  - If the server issues an address pool instead of an address, the device
    searches the address pool in domain view for an address.
  - In case no address can be allocated with the above two methods or local
    authentication is used, the device assigns the address configured on the
    interface to the user.
  - If the remote address ip-address command is issued on the interface and the
    specified address is not in use, the device assigns the address to the user.
  - If the remote address pool command is issued on the interface, the device
    searches for the address in the specified address pool in domain view and
    assigns the address to the user.
  - If the remote address command is not issued on the interface, the device
    searches for the address in all the address pools in domain view and assigns
    the address to the user.
2 For a user that is not to be authenticated, the device allocates an address
  using the specified address pool (defined in system view) on the interface.
Note: For a user that is to be authenticated and is not assigned any address
with the remote address ip-address command, you can still change how a PPP user
is assigned an address.
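The allocation order described above can be modelled as a short decision function, which helps when auditing which address range a given PPP user can end up in. This is an added example, not code from the 3Com guide or the device; the dictionary keys, the pool contents, and the behaviour when the remote address is already in use are assumptions.

```python
import ipaddress

def pool(low, high=None):
    """Addresses covered by 'ip pool pool-number low-ip-address [ high-ip-address ]'."""
    lo = int(ipaddress.IPv4Address(low))
    hi = int(ipaddress.IPv4Address(high or low))
    return [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]

def first_free(addresses, in_use):
    """First address not already handed out, or None if the pool is exhausted."""
    return next((a for a in addresses if a not in in_use), None)

def allocate(user, iface, domain_pools, system_pools, in_use):
    """Return (address, source) following the allocation principles in order."""
    if not user["authenticated"]:
        # Principle 2: pool defined in system view and assigned to the interface.
        addrs = system_pools.get(iface.get("remote_pool"), [])
        return first_free(addrs, in_use), "system-view pool on interface"
    if user.get("scheme") in ("radius", "tacacs"):
        if user.get("server_ip"):
            return user["server_ip"], "address issued by server"
        if user.get("server_pool") is not None:
            addr = first_free(domain_pools.get(user["server_pool"], []), in_use)
            if addr:
                return addr, "server-named pool in domain view"
    # Neither server method produced an address, or local authentication is used.
    if iface.get("remote_ip"):
        # The guide covers only the not-in-use case; failing otherwise is an assumption.
        free = iface["remote_ip"] not in in_use
        return (iface["remote_ip"] if free else None), "remote address ip-address"
    if iface.get("remote_pool") is not None:
        addrs = domain_pools.get(iface["remote_pool"], [])
        return first_free(addrs, in_use), "remote address pool (domain view)"
    # Search order across pools (ascending pool number) is an assumption.
    every = [a for n in sorted(domain_pools) for a in domain_pools[n]]
    return first_free(every, in_use), "any pool in domain view"

# Constructed sample pools, not taken from the guide.
DOMAIN_POOLS = {0: pool("10.1.1.2", "10.1.1.4"), 1: pool("10.1.2.2", "10.1.2.3")}
SYSTEM_POOLS = {0: pool("192.168.50.2", "192.168.50.9")}

if __name__ == "__main__":
    user = {"authenticated": True, "scheme": "radius", "server_pool": 1}
    print(allocate(user, {}, DOMAIN_POOLS, SYSTEM_POOLS, {"10.1.2.2"}))
```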
Creating a Local User and Setting the Related Attributes
Create a local user and configure the related attributes on the security gateway if
you select the local authentication scheme in AAA.
Note: If you use a radius-scheme or hwtacacs-scheme to authenticate users, you
must appropriately configure the RADIUS or TACACS server. The local
configuration in this case does not take effect.
Table 19 Define an IP address pool for PPP domain users

Operation                                  Command
Define an IP address pool for allocating   ip pool pool-number low-ip-address [ high-ip-address ]
addresses to PPP users.
Delete the specified address pool.         undo ip pool pool-number