HP 12500 Series Configuration Manual page 56

The authentication method specified with the authentication default command applies to all types of users and has a lower priority than a method specified for a specific access type.
With an authentication method that references a RADIUS scheme, AAA accepts only the authentication result from the RADIUS server. The Access-Accept message from the RADIUS server also carries the authorization information, but the authentication process ignores that information.
If you specify the radius-scheme radius-scheme-name local or hwtacacs-scheme hwtacacs-scheme-name local option when configuring an authentication method, local authentication is the backup method and is used only when the remote server is not available.
If you specify only the local or none keyword in an authentication method configuration command, the switch has no backup authentication method and performs only local authentication or does not perform any authentication.
If the method for level switching authentication references an HWTACACS scheme, the switch by default uses the user's login username for level switching authentication. If the method for level switching authentication references a RADIUS scheme, the system uses the username configured for the corresponding privilege level on the RADIUS server, rather than the login username. A username configured on the RADIUS server is in the format $enablevel$ (that is, $enab followed by level and a closing $), where level specifies the privilege level to which the user wants to switch. For example, if user user1 of domain aaa wants to switch the privilege level to 3, the system uses $enab3@aaa$ for authentication when the domain name is required and uses $enab3$ for authentication when the domain name is not required.
To configure AAA authentication methods for an ISP domain:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enter ISP domain view.
  Command: domain isp-name
  Remarks: N/A
Step 3. Specify the default authentication method for all types of users.
  Command: authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
  Remarks: Optional. The default setting is local. The none keyword is not supported in FIPS mode.
Step 4. Specify the authentication method for LAN users.
  Command: authentication lan-access { local | none | radius-scheme radius-scheme-name [ local | none ] }
  Remarks: Optional. The default authentication method is used by default. The none keyword is not supported in FIPS mode.
Step 5. Specify the authentication method for login users.
  Command: authentication login { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
  Remarks: Optional. The default authentication method is used by default. The none keyword is not supported in FIPS mode.
Step 6. Specify the authentication method for portal users.
  Command: authentication portal { local | none | radius-scheme radius-scheme-name [ local ] }
  Remarks: Optional. The default authentication method is used by default. The none keyword is not supported in FIPS mode.
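The precedence and backup rules above can be checked offline against a saved configuration. The following Python audit is an added example, not part of the HP manual: it resolves the effective authentication method for each access type in each ISP domain and flags use of the none keyword. The function names and the sample configuration are constructed for illustration, and the parser assumes a line containing only "#" ends a view block.

```python
import re

ACCESS_TYPES = ("lan-access", "login", "portal")
AUTH_LINE = re.compile(r"authentication (default|lan-access|login|portal) (.+)")

# Constructed sample, not taken from a real switch. Assumes "#" ends a view block.
SAMPLE_CONFIG = """\
domain corp
 authentication default radius-scheme rs1 local
 authentication login hwtacacs-scheme tac1
#
domain guest
 authentication lan-access radius-scheme rs1 none
 authentication portal none
#
"""

def parse_domains(text):
    """Map each ISP domain to {access type or 'default': method tokens}."""
    domains, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("domain "):
            current = domains.setdefault(line.split()[1], {})
        elif line == "#":
            current = None
        elif current is not None and (m := AUTH_LINE.fullmatch(line)):
            current[m.group(1)] = m.group(2).split()
    return domains

def effective_method(methods, access_type):
    """A per-access-type method outranks authentication default, which defaults to local."""
    return methods.get(access_type) or methods.get("default") or ["local"]

def audit(text, fips=False):
    """Return {(domain, access type): (primary, backup, flags)}."""
    report = {}
    for domain, methods in parse_domains(text).items():
        for access in ACCESS_TYPES:
            tokens = effective_method(methods, access)
            remote = tokens[0] in ("radius-scheme", "hwtacacs-scheme")
            primary = " ".join(tokens[:2]) if remote else tokens[0]
            backup = (tokens[2:] or [None])[0] if remote else None
            flags = []
            if primary == "none":
                flags.append("no authentication performed")
            if backup == "none":
                flags.append("none configured as backup")
            if fips and "none" in (primary, backup):
                flags.append("none keyword not supported in FIPS mode")
            report[(domain, access)] = (primary, backup, flags)
    return report
```

In the sample, domain guest has no login or default line, so login users resolve to local, while portal users are flagged because the effective method is none.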