22
Task Remarks
Configuring the router as a RADIUS server
Optional.
NOTE:
To use AAA methods to control access of login users, you must configure the user interfaces to use
AAA by using the authentication-mode command. For more information, see HPE FlexNetwork
MSR Router Series Comware 5 Fundamentals Configuration Guide.
Configuring AAA schemes
Configuring local users
To implement local AAA, you must create local users and configure user attributes on the device.
The local users and attributes are stored in the local user database on the device. A local user is
uniquely identified by a username. Configurable local user attributes are as follows:
• Service type.
Services that the user can use. Local authentication checks the service types of a local user. If
none of the service types is available, the user cannot pass authentication.
Service types include DVPN, FTP, LAN access, PAD, portal, PPP, SSH, Telnet, terminal, and
Web. FTP and Telnet service types are not supported in FIPS mode.
• User state.
Indicates whether or not a local user can request network services. There are two user states:
active and blocked. A user in active state can request network services, but a user in blocked
state cannot.
• Maximum number of users using the same local user account.
Indicates how many users can use the same local user account for local authentication.
• Validity time and expiration time.
Indicates the validity time and expiration time of a local user account. A user must use a valid
local user account to pass local authentication. When some users need to access the network
temporarily, you can create a guest account and specify a validity time and an expiration time
for the account to control the validity of the account.
• User group.
Each local user belongs to a local user group and bears all attributes of the group, such as the
password control attributes and authorization attributes. For more information about local user
group, see "Configuring user group attributes." Supp
ort for user group depends on the device
model.
• Password control attributes.
Password control attributes help you control the security of local users' passwords. Password
control attributes include password aging time, minimum password length, and password
composition policy.
You can configure a password control attribute in system view, user group view, or local user
view, making the attribute effective on all local users, all local users in a group, or only the local
user. A password control attribute with a smaller effective range has a higher priority. For more
information about password management and global password configuration, see "Configuring
password control."
For more information about password control commands, see HPE FlexNetwork MSR Router
Series Comware 5 Security Command Reference.
• Binding attributes.
To Next Page
Loading...
Need help?
General
