HP VPN Firewall Appliances Access Control Configuration Guide
7. Specify the authentication method for PPP users.
   Command: authentication ppp { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
   Remarks: Optional. The default authentication method is used by default.

8. Specify the authentication method for SSL VPN users.
   Command: authentication ssl-vpn radius-scheme radius-scheme-name
   Remarks: Optional. The default authentication method is used by default.

9. Specify the authentication method for privilege level switching.
   Command: authentication super { hwtacacs-scheme hwtacacs-scheme-name | radius-scheme radius-scheme-name }
   Remarks: Optional. The default authentication method is used by default.
The following matrixes show the authentication methods and hardware compatibility by user type:
Hardware                        DVPN user authentication method compatible
F1000-A-EI/F1000-S-EI           No
F1000-E                         Yes
F5000                           Yes
F5000-S/F5000-C                 Yes
VPN firewall modules            Yes
20-Gbps VPN firewall modules    No

Hardware                        SSL VPN user authentication method compatible
F1000-A-EI/F1000-S-EI           Yes
F1000-E                         Yes
F5000                           No
F5000-S/F5000-C                 Yes
VPN firewall modules            No
20-Gbps VPN firewall modules    No
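An added example, not part of the HP guide: a Python check that validates the authentication lines of each ISP domain against the syntax in steps 7 to 9, flags PPP domains set to none, and applies the SSL VPN compatibility matrix above. The configuration layout (a "domain" line, indented commands, "#" separators) and the domain and scheme names are assumptions constructed for illustration.

```python
import re

# Allowed arguments per user type, transcribed from steps 7 to 9 on this page.
SYNTAX = {
    "ppp": r"(hwtacacs-scheme \S+( local)?|local|none|radius-scheme \S+( local)?)",
    "ssl-vpn": r"radius-scheme \S+",
    "super": r"(hwtacacs-scheme|radius-scheme) \S+",
}
# SSL VPN user authentication method compatibility, from the matrix on this page.
SSL_VPN_OK = {
    "F1000-A-EI/F1000-S-EI": True, "F1000-E": True, "F5000": False,
    "F5000-S/F5000-C": True, "VPN firewall modules": False,
    "20-Gbps VPN firewall modules": False,
}
# Constructed sample configuration; the layout and all names are assumptions.
SAMPLE_CONFIG = """\
#
domain branch
 authentication ppp radius-scheme rs1 local
 authentication ssl-vpn radius-scheme rs1
 authentication super hwtacacs-scheme hw1
#
domain lab
 authentication ppp none
 authentication ssl-vpn local
#
"""

def parse_domains(config):
    """Return {domain: {user_type: argument string}} for ppp, ssl-vpn, super."""
    domains, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if line.startswith("domain ") and len(words) == 2:
            current = domains.setdefault(words[1], {})
        elif line.strip() == "#":
            current = None  # "#" closes the current domain view
        elif (current is not None and len(words) > 2
              and words[0] == "authentication" and words[1] in SYNTAX):
            current[words[1]] = " ".join(words[2:])
    return domains

def audit(config, hardware):
    """Return sorted (domain, user_type, finding) tuples for one hardware model."""
    findings = []
    for name, methods in parse_domains(config).items():
        for user_type, args in methods.items():
            if not re.fullmatch(SYNTAX[user_type], args):
                findings.append((name, user_type, "invalid syntax"))
            elif args == "none":
                findings.append((name, user_type, "no authentication"))
            if user_type == "ssl-vpn" and not SSL_VPN_OK[hardware]:
                findings.append((name, user_type, "unsupported hardware"))
    return sorted(findings)
```

Calling audit(SAMPLE_CONFIG, "F5000") additionally reports every ssl-vpn line, because the matrix lists the F5000 as not compatible.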
Configuring authorization methods for an ISP domain
In AAA, authorization is a separate process at the same level as authentication and accounting. Its
responsibility is to send authorization requests to the specified authorization servers and to send
authorization information to users after successful authorization. Authorization method configuration is
optional in AAA configuration.
AAA supports the following authorization methods:
• No authorization (none)—The NAS performs no authorization exchange. After passing
authentication, non-login users can access the network, FTP users can access the root directory of
the NAS, and other login users have Level 0 (visiting) access. Support for AUX logins depends on
the device model. For more information, see Getting Started Guide.
• Local authorization (local)—The NAS performs authorization according to the user attributes
configured for users.