H3C Technologies H3C SecPath F1000-E User Manual

Page 9

Advertising
background image

iv

AAA overview ······························································································································································ 149

 

RADIUS ································································································································································· 150

 

HWTACACS ························································································································································ 155

 

Domain-based user management ······················································································································ 157

 

AAA across VPNs ··············································································································································· 158

 

Protocols and standards ····································································································································· 159

 

RADIUS attributes ················································································································································ 159

 

Configuring AAA at the CLI ········································································································································ 162

 

Configuring AAA schemes ·········································································································································· 164

 

Configuring local users ······································································································································· 164

 

Configuring RADIUS schemes in the Web interface ······················································································· 169

 

RADIUS configuration example in the Web interface ····················································································· 175

 

Configure RADIUS schemes at the CLI ·············································································································· 182

 

RADIUS scheme configuration guidelines ········································································································· 193

 

Configuring HWTACACS schemes in the Web interface ·············································································· 194

 

HWTACACS configuration example in the Web interface ············································································ 198

 

Configuring HWTACACS schemes at the CLI ·································································································· 201

 

HWTACACS scheme configuration guidelines ································································································ 208

 

Configuring AAA methods for ISP domains ·············································································································· 208

 

Configuration prerequisites ································································································································ 208

 

Creating an ISP domain ····································································································································· 209

 

Configuring ISP domain attributes ····················································································································· 209

 

Configuring AAA authentication methods for an ISP domain ········································································ 210

 

Configuring AAA authorization methods for an ISP domain ········································································· 212

 

Configuring AAA accounting methods for an ISP domain ············································································· 213

 

Forcibly tearing down user connections ···················································································································· 215

 

Configuring a NAS ID-VLAN binding ························································································································ 215

 

Displaying and maintaining AAA ······························································································································ 216

 

AAA configuration examples ······································································································································ 216

 

Authentication and authorization for Telnet and SSH users by a RADIUS server ········································ 216

 

Local authentication and authorization for Telnet and FTP users ··································································· 225

 

Level switching authentication for Telnet users by a RADIUS server ······························································ 227

 

AAA for portal users by a RADIUS server ········································································································ 231

 

Troubleshooting AAA ·················································································································································· 244

 

Troubleshooting RADIUS ····································································································································· 244

 

Troubleshooting HWTACACS ···························································································································· 246

 

Configuring password control ································································································································ 247

 

Feature and hardware compatibility ·························································································································· 247

 

Password control overview ········································································································································· 247

 

Password control configuration task list ····················································································································· 250

 

Configuring password control ···································································································································· 250

 

Enabling password control ································································································································· 250

 

Setting global password control parameters ···································································································· 251

 

Setting user group password control parameters ···························································································· 252

 

Setting local user password control parameters ······························································································ 253

 

Setting super password control parameters ····································································································· 253

 

Setting a local user password in interactive mode ·························································································· 254

 

Displaying and maintaining password control ········································································································· 254

 

Password control configuration example ·················································································································· 255

 

Configuring FIPS······················································································································································ 258

 

Feature and hardware compatibility ·························································································································· 258

 

Overview ······································································································································································· 258

 

Configuring FIPS ··························································································································································· 258

 

Advertising
This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS

Popular Brands
Popular manuals