Manualshelf

3Com Switch 8800 Advanced Software V5 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 9400sl 4-Port 10-GbE Module
881882883884885886887888889890
Configuring AAA 889
HWTACACS configuration task list
Configuring AAA By configuring AAA, you can provide network access service for legal users,
protect the networking devices, and avoid unauthorized access and bilking. In
addition, you can configure ISP domains to perform AAA on accessing users.
In AAA, users are divided into lan-access users, login users, PPP users, command
line users. Except for command line users, you can configure separate
authentication/authorization/accounting policies for all the other type of users.
Command line users can be configured with authorization policy independently.
Configuration
Prerequisites
For remote authentication, authorization, or accounting, you must create the
RADIUS or HWTACACS scheme first.
RADIUS scheme: Reference a configured RADIUS scheme to implement
authentication/authorization and accounting. For RADIUS scheme
configuration, refer to
“Configuring RADIUS” on page 897.
HWTACACS scheme: Reference a configured HWTACACS scheme to
implement authentication/authorization and accounting. For HWTACACS
scheme configuration, refer to
“Configuring HWTACACS” on page 904.
Creating an ISP Domain For the NAS, each accessing user belongs to an ISP domain. Up to 16 ISP domains
can be configured on a NAS. If a user does not provide the ISP domain name, the
system considers that the user belongs to the default ISP domain.
“Setting the Maximum Number of RADIUS
Request Retransmission Attempts” on page
900
Optional
“Setting the Supported RADIUS Server Type”
on page 900
Optional
“Setting the Status of RADIUS Servers” on
page 901
Optional
“Configuring Attributes Related to the Data
Sent to the RADIUS Server” on page 902
Optional
“Configuring Local RADIUS Server” on page
903
Optional
“Setting Timers Regarding RADIUS Servers”
on page 903
Optional
Task Remarks
“Creating a HWTACACS scheme” on page 904 Required
“Specifying the HWTACACS Authentication Servers” on page 904 Required
“Specifying the HWTACACS Authorization Servers” on page 905 Optional
“Specifying the HWTACACS Accounting Servers” on page 905 Optional
“Setting the Shared Key for HWTACACS Packets” on page 906 Required
“Configuring Attributes Related to the Data Sent to the HWTACACS
Server” on page 906
Optional
“Setting Timers Regarding HWTACACS Servers” on page 907 Optional
Task Remarks