beautypg.com

Configuration prerequisites, Configuration guidelines, Configuration procedure – H3C Technologies H3C S6300 Series Switches User Manual

Page 59

background image

44

Step Command

Remarks

5.

Specify the authentication

method for login users.

authentication login { hwtacacs-scheme
hwtacacs-scheme-name [ radius-scheme

radius-scheme-name ] [ local ] [ none ] |

ldap-scheme ldap-scheme-name [ local ]
[ none ] | local [ none ] | none | radius-scheme

radius-scheme-name [ hwtacacs-scheme

hwtacacs-scheme-name ] [ local ] [ none ] }

By default, the default
authentication method is

used for login users.
The none keyword is not

supported in FIPS mode.

6.

Specify the authentication
method for portal users.

authentication portal { ldap-scheme
ldap-scheme-name [ local ] [ none ] | local

[ none ] | none | radius-scheme
radius-scheme-name [ local ] [ none ] }

By default, the default
authentication method is

used for portal users.
The none keyword is not
supported in FIPS mode.

7.

Specify the authentication
method for obtaining a

temporary user role.

authentication super { hwtacacs-scheme
hwtacacs-scheme-name | radius-scheme
radius-scheme-name } *

By default, the default
authentication method is

used for obtaining a

temporary user role.

Configuring authorization methods for an ISP domain

Configuration prerequisites

Before configuring authorization methods, complete the following tasks:

1.

Determine the access type or service type to be configured. With AAA, you can configure an
authorization scheme for each access type and service type.

2.

Determine whether to configure the default authorization method for all access types or service
types. The default authorization method applies to all access users. However, the method has a

lower priority than the authorization method that is specified for an access type or service type.

Configuration guidelines

When configuring authorization methods, follow these guidelines:

The device supports HWTACACS authorization but not LDAP authorization.

To use a RADIUS scheme as the authorization method, specify the same RADIUS scheme that is
configured as the authentication method for the ISP domain. If an invalid RADIUS scheme is

specified as the authorization method, RADIUS authentication and authorization fail.

Configuration procedure

To configure authorization methods for an ISP domain:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter ISP domain view.

domain isp-name

N/A

3.

Specify the default
authorization method for

all types of users.

authorization default { hwtacacs-scheme
hwtacacs-scheme-name [ radius-scheme
radius-scheme-name ] [ local ] [ none ] |

local [ none ] | none | radius-scheme

radius-scheme-name [ hwtacacs-scheme
hwtacacs-scheme-name ] [ local ] [ none ] }

By default, the authorization
method is local.
The none keyword is not
supported in FIPS mode.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: