HP 5500 Ei 5500 Si Switch Series Configuration Guide
Page 1681
Task: Remarks
Configuring HWTACACS schemes
Configuring AAA methods for ISP domains
Creating an ISP domain: Required.
Configuring ISP domain attributes: Optional.
Configuring AAA authentication methods for an ISP domain: Required. Complete at least one task.
Configuring AAA authorization methods for an ISP domain
Configuring AAA accounting methods for an ISP domain
Tearing down user connections: Optional.
Configuring a NAS ID-VLAN binding: Optional.
Specifying the device ID used in...
Page 1682
create a guest account and specify a validity time and an expiration time for the account to control the validity of the account.
• User group: Each local user belongs to a local user group and bears all attributes of the group, such as the password control attributes and authorization attributes. For more information about local user group, see Configuring user group attributes.
• Password control attributes: Password control attributes help you control the security of local users’...
Page 1683
Step 2. Add a local user and enter local user view.
Command: local-user user-name
Remarks: No local user exists by default.

Step 3. Configure a password for the local user.
Command: password [ { cipher | simple } password ]
Remarks: Optional. A local user with no password configured directly passes authentication after providing the valid local username and attributes. To enhance security, configure a password for each local user. If none of the parameters is specified, you enter the interactive...
Page 1684
Step 9. Configure the authorization attributes for the local user.
Command: authorization-attribute { acl acl-number | callback-number callback-number | idle-cut minute | level level | user-profile profile-name | user-role { guest | guest-manager | security-audit } | vlan vlan-id | work-directory directory-name } *
Remarks: Optional. By default, no authorization attribute is configured for a local user. For LAN and portal users, only acl, idle-cut, user-profile,...
Page 1685
By default, every newly added local user belongs to the system default user group system and bears all attributes of the group. To change the user group to which a local user belongs, use the user-group command in local user view.

To configure attributes for a user group:

Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. Create a user group and enter user group view.
Command: user-group group-name
Remarks: N/A

Step 3. Configure password control attributes for the user group.
Command: • Set the...
Page 1686
Task: Display the user group configuration information.
Command: display user-group [ group-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Configuring RADIUS schemes

A RADIUS scheme specifies the RADIUS servers that the switch can cooperate with and defines a set of parameters that the switch uses to exchange information with the RADIUS servers. There may be authentication/authorization servers and accounting servers, or primary servers and...
Page 1687
Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. Create a RADIUS scheme and enter RADIUS scheme view.
Command: radius scheme radius-scheme-name
Remarks: No RADIUS scheme exists by default.

NOTE: A RADIUS scheme can be referenced by multiple ISP domains at the same time.

Specifying the RADIUS authentication/authorization servers

You can specify one primary authentication/authorization server and up to 16 secondary authentication/authorization servers for a RADIUS scheme. When the...
Page 1688
Step 3. Specify RADIUS authentication/authorization servers.
Command:
• Specify the primary RADIUS authentication/authorization server: primary authentication { ip-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key | probe username name [ interval interval ] | vpn-instance vpn-instance-name ] *
• Specify a secondary RADIUS authentication/authorization server: secondary authentication { ip-address | ipv6 ipv6-address } [ port-number |...
Page 1689
Step 3. Specify RADIUS accounting servers.
Command:
• Specify the primary RADIUS accounting server: primary accounting { ip-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key | vpn-instance vpn-instance-name ] *
• Specify a secondary RADIUS accounting server: secondary accounting { ip-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key | vpn-instance vpn-instance-name ] *
Remarks: Configure at least one command. No...
Page 1690
To specify a VPN for a RADIUS scheme:

Step 1. Enter system view.
Command: system-view

Step 2. Enter RADIUS scheme view.
Command: radius scheme radius-scheme-name

Step 3. Specify a VPN for the RADIUS scheme.
Command: vpn-instance vpn-instance-name

Setting the username format and traffic statistics units

A username is usually in the format of userid@isp-name, where isp-name represents the name of the ISP domain the user belongs to and is used by the switch to determine which users belong to which ISP...