Configuring Aaa Authentication Methods For An Isp Domain - HP 12500 Series Configuration Manual

Step
4. Specify the maximum number
of active users in the ISP
domain.
5. Configure the idle cut function.
6. Configure the self-service
server location function.
NOTE:
A self-service RADIUS server, such as Intelligent Management Center (IMC), is required for the self-service
server location function to work.

Configuring AAA authentication methods for an ISP domain

In AAA, authentication, authorization, and accounting are separate processes. Authentication refers to
the interactive authentication process of username/password/user information during an access or
service request. The authentication process neither sends authorization information to a supplicant nor
triggers any accounting.
AAA supports the following authentication methods:
No authentication (none)—All users are trusted and no authentication is performed. Generally, do
•
not use this method.
Local authentication (local)—Authentication is performed by the NAS, which is configured with the
•
user information, including the usernames, passwords, and attributes. Local authentication allows
high speed and low cost, but the amount of information that can be stored is limited by the
hardware.
• Remote authentication (scheme)—The access device cooperates with a RADIUS or HWTACACS
server to authenticate users. Remote authentication provides centralized information management,
high capacity, high reliability, and support for centralized authentication service for multiple access
devices. You can configure local or no authentication as the backup method, which will be used
when the remote server is not available. No authentication can only be configured for LAN users as
the backup method of remote authentication.
You can configure AAA authentication to work alone without authorization and accounting. By default,
an ISP domain uses the local authentication method.
Before configuring authentication methods, complete the following tasks:
For RADIUS or HWTACACS authentication, configure the RADIUS or HWTACACS scheme to be
•
referenced first. The local and none authentication methods do not require a scheme.
Determine the access type or service type to be configured. With AAA, you can configure an
•
authentication method for each access type and service type, limiting the authentication protocols
that can be used for access.
Determine whether to configure an authentication method for all access types or service types.
•
Follow these steps when you configure AAA authentication methods for an ISP domain:
Command
access-limit enable
max-user-number
idle-cut enable minute [ flow ]
self-service-url enable url-string
45
Remarks
Optional.
No limit by default.
Optional.
Disabled by default.
This command is effective for only
LAN users and portal users.
Optional.
Disabled by default.