HP VPN Firewall Appliances Access Control Configuration Guide

Configuring a NAS ID-VLAN binding
Displaying and maintaining AAA
RADIUS authentication/authorization configuration example for Telnet/SSH users
Local authentication/authorization configuration example for Telnet/FTP users
Level switching authentication configuration example for Telnet users by a RADIUS server
AAA configuration example for portal users by a RADIUS server
HWTACACS configuration example
Configuring AAA in the Web interface
Recommended configuration procedure
Configuring RADIUS schemes
Configuring HWTACACS schemes
Configuring an ISP domain
Configuring authentication methods for the ISP domain
Configuring authorization methods for the ISP domain
Configuring accounting methods for the ISP domain
RADIUS authentication/authorization configuration example for Telnet/SSH users
Local authentication/authorization configuration example for Telnet/FTP users
Troubleshooting AAA
Troubleshooting RADIUS
Troubleshooting HWTACACS
Configuring password control
FIPS compliance
Password control configuration task list
Enabling password control
Setting global password control parameters
Setting user group password control parameters
Setting local user password control parameters
Setting super password control parameters
Setting a local user password in interactive mode
Displaying and maintaining password control
Password control configuration example
FIPS configuration
Feature and hardware compatibility
Overview
Configuring FIPS
Prerequisites
Enabling FIPS mode
Settings changed by enabling FIPS mode
FIPS self-tests
Power-up self-tests
Conditional self-tests
Triggered self-test
Displaying and maintaining FIPS
Support and other resources
Contacting HP
Subscription service
Related information
Documents
Websites
Conventions
Index