HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 51
If you specify only the, keyword in an authentication method configuration command - switch commands
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 51 highlights
2. Determine the access type or service type to be configured. With AAA, you can configure an authentication method for each access type and service type, limiting the authentication protocols that can be used for access. 3. Determine whether to configure an authentication method for all access types or service types. Follow these guidelines when you configure AAA authentication methods for an ISP domain: • The authentication method specified with the authentication default command is for all types of users and has a priority lower than that for a specific access type. • With an authentication method that references a RADIUS scheme, AAA accepts only the authentication result from the RADIUS server. The Access-Accept message from the RADIUS server also carries the authorization information, but the authentication process ignores the information. • If you specify the radius-scheme radius-scheme-name local, hwtacacs-scheme hwtacacs-scheme-name local option when you configure an authentication method, local authentication is the backup method and is used only when the remote server is not available. • If you specify only the local or none keyword in an authentication method configuration command, the switch has no backup authentication method and performs only local authentication or does not perform any authentication. • If the method for level switching authentication references an HWTACACS scheme, the switch uses the login username of a user for level switching authentication of the user by default. If the method for level switching authentication references a RADIUS scheme, the system uses the username configured for the corresponding privilege level on the RADIUS server for level switching authentication, rather than the login username. A username configured on the RADIUS server is in the format of $enablevel$, where level specifies the privilege level to which the user wants to switch. For example, if user user1 of domain aaa wants to switch the privilege level to 3, the system uses $enab3@aaa$ for authentication when the domain name is required and uses $enab3$ for authentication when the domain name is not required. To configure AAA authentication methods for an ISP domain: Step 1. Enter system view. 2. Enter ISP domain view. 3. Specify the default authentication method for all types of users. 4. Specify the authentication method for LAN users. 5. Specify the authentication method for login users. 6. Specify the authentication method for privilege level switching. Command Remarks system-view N/A domain isp-name N/A authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] } Optional. The default authentication method is local for all types of users. authentication lan-access { local | none | radius-scheme radius-scheme-name [ local | none ] } Optional. The default authentication method is used by default. authentication login { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] } Optional. The default authentication method is used by default. authentication super { hwtacacs-scheme hwtacacs-scheme-name | radius-scheme radius-scheme-name } Optional. The default authentication method is used by default. 41