[x]

Configuring AAA methods for ISP domains > Configuring authorization methods for an ISP domain

 

 Next

Configuring authorization methods for an ISP domain

Configuration prerequisites

Before configuring authorization methods, complete the following tasks:

  1. Determine the access type or service type to be configured. With AAA, you can configure an authorization scheme for each access type and service type.

  2. Determine whether to configure the default authorization method for all access types or service types. The default authorization method applies to all access users. However, the method has a lower priority than the authorization method that is specified for an access type or service type.

Configuration guidelines

When configuring authorization methods, follow these guidelines:

Configuration procedure

To configure authorization methods for an ISP domain:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter ISP domain view.

domain isp-name

N/A

3. Specify the default authorization method for all types of users.

authorization default { hwtacacs-scheme hwtacacs-scheme-name [ radius-scheme radius-scheme-name ] [ local ] [ none ] | local [ none ] | none | radius-scheme radius-scheme-name [ hwtacacs-scheme hwtacacs-scheme-name ] [ local ] [ none ] }

By default, the authorization method is local.

The none keyword is not supported in FIPS mode.

4. Specify the authorization method for ADVPN users.

authorization advpn { local [ none ] | none | radius-scheme radius-scheme-name [ local ] [ none ] }

By default, the default authorization method is used for ADVPN users.

The none keyword is not supported in FIPS mode.

5. Specify the command authorization method.

authorization command { hwtacacs-scheme hwtacacs-scheme-name [ local ] [ none ] | local [ none ] | none }

By default, the default authorization method is used for command authorization.

The none keyword is not supported in FIPS mode.

6. Specify the authorization method for IKE extended authentication.

authorization ike { local [ none ] | none }

By default, the default authorization method is used for IKE extended authentication.

The none keyword is not supported in FIPS mode.

7. Specify the authorization method for IPoE users.

authorization ipoe { local [ none ] | none | radius-scheme radius-scheme-name [ local ] [ none ] }

By default, the default authorization method is used for IPoE users.

The none keyword is not supported in FIPS mode.

8. Specify the authorization method for LAN users.

authorization lan-access { local [ none ] | none | radius-scheme radius-scheme-name [ local ] [ none ] }

By default, the default authorization method is used for LAN users.

The none keyword is not supported in FIPS mode.

9. Specify the authorization method for login users.

authorization login { hwtacacs-scheme hwtacacs-scheme-name [ radius-scheme radius-scheme-name ] [ local ] [ none ] | local [ none ] | none | radius-scheme radius-scheme-name [ hwtacacs-scheme hwtacacs-scheme-name ] [ local ] [ none ] }

By default, the default authorization method is used for login users.

The none keyword is not supported in FIPS mode.

10. Specify the authorization method for portal users.

authorization portal { local [ none ] | none | radius-scheme radius-scheme-name [ local ] [ none ] }

By default, the default authorization method is used for portal users.

The none keyword is not supported in FIPS mode.

11. Specify the authorization method for PPP users.

authorization ppp { hwtacacs-scheme hwtacacs-scheme-name [ radius-scheme radius-scheme-name ] [ local ] [ none ] | local [ none ] | none | radius-scheme radius-scheme-name [ hwtacacs-scheme hwtacacs-scheme-name ] [ local ] [ none ] }

By default, the default authorization method is used for PPP users.

The none keyword is not supported in FIPS mode.

prev

 

up

 next

Configuring authentication methods for an ISP domain 

home

 Configuring accounting methods for an ISP domain

© Copyright 2017 Hewlett Packard Enterprise Development LP