H3C Technologies H3C S12500-X Series Switches User Manual


To specify a scheme for user role authentication, make sure the user role is in the format of level-n.

If an HWTACACS scheme is specified, the device uses the entered username for role authentication.

If a RADIUS scheme is specified, the device uses the username $enabn$ on the RADIUS server for role authentication, where n is the same as that in the target user role level-n.


Configuration procedure

To configure authentication methods for an ISP domain:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter ISP domain view.
    Command: domain isp-name
    Remarks: N/A

Step 3. Specify the default authentication method for all types of users.
    Command: authentication default { hwtacacs-scheme hwtacacs-scheme-name [ radius-scheme radius-scheme-name ] [ local ] [ none ] | ldap-scheme ldap-scheme-name [ local ] [ none ] | local [ none ] | none | radius-scheme radius-scheme-name [ hwtacacs-scheme hwtacacs-scheme-name ] [ local ] [ none ] }
    Remarks: By default, the default authentication method is local. The none keyword is not supported in FIPS mode.

Step 4. Specify the authentication method for LAN users.
    Command: authentication lan-access { ldap-scheme ldap-scheme-name [ local ] [ none ] | local [ none ] | none | radius-scheme radius-scheme-name [ local ] [ none ] }
    Remarks: By default, the default authentication method is used for LAN users. The none keyword is not supported in FIPS mode.

Step 5. Specify the authentication method for login users.
    Command: authentication login { hwtacacs-scheme hwtacacs-scheme-name [ radius-scheme radius-scheme-name ] [ local ] [ none ] | ldap-scheme ldap-scheme-name [ local ] [ none ] | local [ none ] | none | radius-scheme radius-scheme-name [ hwtacacs-scheme hwtacacs-scheme-name ] [ local ] [ none ] }
    Remarks: By default, the default authentication method is used for login users. The none keyword is not supported in FIPS mode.

Step 6. Specify the user role authentication method.
    Command: authentication super { hwtacacs-scheme hwtacacs-scheme-name | radius-scheme radius-scheme-name } *
    Remarks: By default, the default authentication method is used for user role authentication.
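The defaults in the Remarks entries above determine which method list actually applies to each access type. The following Python code is an added example, not part of the H3C manual: it resolves the effective authentication method list per access type in every ISP domain and reports the lists that contain the none keyword, which FIPS mode does not support. The domain and scheme names in the sample are constructed, and treating a # line as the end of a domain view is an assumption about how the configuration text is laid out.

```python
import re

TYPES = ("default", "lan-access", "login", "super")  # access types from the procedure

def parse_methods(args):
    """Reduce a method list to its keywords, dropping the scheme names."""
    methods, tokens = [], iter(args.split())
    for tok in tokens:
        if tok.endswith("-scheme"):
            next(tokens, None)            # skip the scheme name that follows
            methods.append(tok)
        elif tok in ("local", "none"):
            methods.append(tok)
    return methods

def effective_methods(config_text):
    """Return {domain: {access_type: [method keywords in configured order]}}."""
    domains, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "#":                   # assumption: '#' closes the current view
            current = None
        elif m := re.match(r"domain\s+(\S+)$", line):
            current = domains.setdefault(m.group(1), {})
        elif (m := re.match(r"authentication\s+(\S+)\s+(.+)$", line)) and current is not None and m.group(1) in TYPES:
            current[m.group(1)] = parse_methods(m.group(2))
    resolved = {}
    for name, cfg in domains.items():
        default = cfg.get("default", ["local"])   # an unset default means local
        resolved[name] = {t: cfg.get(t, default) for t in TYPES}
    return resolved

def chains_with_none(config_text):
    """(domain, access_type) pairs whose effective method list contains none."""
    return sorted((d, t) for d, types in effective_methods(config_text).items()
                  for t, chain in types.items() if "none" in chain)

# Constructed sample configuration; domain and scheme names are made up.
SAMPLE = """\
domain corp
 authentication default radius-scheme rad1 local
 authentication login hwtacacs-scheme tac1 local none
#
domain lab
 authentication default none
 authentication lan-access radius-scheme rad1 local
#
domain branch
"""
print(chains_with_none(SAMPLE))
```

In the sample, domain lab sets none only as the default method, yet login and user role authentication are reported as well because they are not configured separately and therefore use the default.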


Configuring authorization methods for an ISP domain


Configuration prerequisites

Before configuring authorization methods, complete the following tasks:

1. Determine the access type or service type to be configured. With AAA, you can configure an authorization scheme for each access type and service type.

2. Determine whether to configure the default authorization method for all access types or service types. The default authorization method applies to all access users, but it has a lower priority than the authorization method that is specified for an access type or service type.


Configuration guidelines

When configuring authorization methods, follow these guidelines:

The device supports HWTACACS authorization but not LDAP authorization.
