H3C Technologies H3C SecPath F1000-E User Manual
| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Specify that AVP data be transferred in hidden mode | tunnel avp-hidden | Optional. By default, AVP data is transferred in plain text. |
Configuring AAA Authentication for VPN Users on LAC Side
You can configure an LAC to perform AAA authentication for VPN users and initiate a tunneling request
only for qualified users. No tunnel will be established for unqualified users.
The device supports both local AAA authentication and remote AAA authentication:
• For local AAA authentication, create a local user and configure a password for each remote user on the LAC. The LAC authenticates a remote user by matching the provided username and password against those configured locally.
• For remote AAA authentication, configure the username and password of each user on the RADIUS/HWTACACS server. The LAC sends the remote user’s username and password to the server to authenticate.
Follow these steps to configure local authentication, authorization, and accounting:
| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Create a local user and enter its view | local-user username | |
| Configure a password for the local user | password { simple \| cipher } password | Required. By default, no local user or password is configured on an LAC. |
| Authorize the user to use the PPP service | service-type ppp | Required |
| Return to system view | quit | — |
| Create an ISP domain and enter its view | domain isp-name | Required |
| Configure the domain to use local authentication/authorization/accounting for its PPP users | authentication ppp local | Optional. Local authentication/authorization/accounting is used by default. |
| | authorization ppp local | |
| | accounting ppp local | |
NOTE:
• For successful user authentication, configure PPP on the LAC’s corresponding interface, for example, the asynchronous serial interface that connects with users.
• Configure the authentication type of PPP users as PAP or CHAP on the user access interfaces.
• For information about AAA configuration commands and remote AAA authentication method configuration, see RADIUS Configuration in the Firewall Web Configuration Manual.
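The local AAA procedure and the NOTE above, carried through as one CLI session. This is an added example, not taken from the H3C manual: the device name LAC, the user name vpdnuser, the domain name example.com, the bracketed placeholders and the prompt strings are assumptions, and the lines starting with # are annotations rather than input.

```text
<LAC> system-view

# Local user for the remote VPN user. "cipher" keeps the password out of
# the displayed configuration in clear text; "simple" shows it as typed.
[LAC] local-user vpdnuser
[LAC-luser-vpdnuser] password cipher <password>
[LAC-luser-vpdnuser] service-type ppp
[LAC-luser-vpdnuser] quit

# ISP domain whose PPP users are authenticated, authorized and accounted
# locally. Local is already the default; stating it makes the intent
# visible when the configuration is reviewed.
[LAC] domain example.com
[LAC-isp-example.com] authentication ppp local
[LAC-isp-example.com] authorization ppp local
[LAC-isp-example.com] accounting ppp local
[LAC-isp-example.com] quit

# User access interface (placeholder name). CHAP is chosen over PAP here
# because PAP sends the password itself across the PPP link.
[LAC] interface <user-access-interface>
[LAC-<user-access-interface>] ppp authentication-mode chap domain example.com
[LAC-<user-access-interface>] quit
```

With this in place the LAC initiates a tunneling request only for a user who passes the local check; a user who fails it gets no tunnel.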