• VoIP users—Users who use the VoIP service.
• SSL VPN users—Users who access through SSL VPN.
In addition, AAA provides the following services for login users to enhance device security:
• Command authorization—Enables the NAS to defer to the authorization server to determine
whether a command entered by a login user is permitted, and allows login users to execute only
authorized commands. For more information about command authorization, see HPE
FlexNetwork MSR Router Series Comware 5 Fundamentals Configuration Guide.
• Command accounting—Allows the accounting server to record all commands executed on
the device or all authorized commands successfully executed. For more information about
command accounting, see HPE FlexNetwork MSR Router Series Comware 5 Fundamentals
Configuration Guide.
• Level switching authentication—Allows the authentication server to authenticate users who
perform privilege level switching. Users who pass level switching authentication can switch
their user privilege levels without logging out and disconnecting current connections.
For more information about user privilege level switching, see HPE FlexNetwork MSR Router
Series Comware 5 Fundamentals Configuration Guide.
You can configure different AAA methods for different types of users in a domain. See "Configuring
AAA methods for ISP domains."
RADIUS server feature of the router
The following matrix shows the feature and hardware compatibility:
Hardware    Feature compatibility
MSR900      No
MSR93X      No
MSR20-1X    Yes
MSR20       Yes
MSR30       Yes
MSR50       No
MSR1000     Yes
Typically, the RADIUS server runs on a computer or workstation, and the RADIUS client runs on a
NAS. You can also use the device as a RADIUS server, as shown in Figure 8. This deployment is
typically used for a cluster, where you can configure the cluster management device as a RADIUS
server to cooperate with access-layer cluster member devices to provide authentication and
authorization.