To Next Page

To Previous Page

353

AAA can be implemented through multiple protocols. The device supports RADIUS, which is most often

used. For more information about RADIUS, see "Configuring RADIUS."

Domain-based user management

A NAS manages users based on ISP domains. On a NAS, each user belongs to one ISP domain. A NAS

determines the ISP domain for a user by the username entered by the user at login. For a username in the

userid@isp-name format, the access device considers the userid part the username for authentication and

the isp-name part the ISP domain name.

In a networking scenario with multiple ISPs, a NAS can connect users of different ISPs. Different ISP users

can have different user attributes (such as username and password structure), different service type, and

different rights. To manage these ISP users, you need to create ISP domains and then configure AAA

methods and domain attributes for each ISP domain

On the NAS, each user belongs to an ISP domain. If a user provides no ISP domain name at login, the

NAS considers the user belongs to the default ISP domain.

AAA allows you to manage users based on their access types:

• LAN users—Users on a LAN who must pass 802.1X or MAC address authentication to access the

network.

• Login users—Users who want to log in to the device, including SSH users, Telnet users, Web users,

FTP users, and terminal users.

In addition, AAA provides command authorization for login users to improve device security. Command

authentication enables the NAS to defer to the authorization server to determine whether a command

entered by a login user is permitted for the user, and allows login users to execute only authorized

commands.

Configuration prerequisites

To deploy local authentication, configure local users on the access device. See "Configuring users."

To deploy remote authentication, authorization, or accounting, configure the RADIUS schemes to be

referenced. See "Configuring RADIUS."

Recommended configuration procedure

Ste

Remarks

1. Configuring an ISP domain

Optional.

Create ISP domains and specify one of them as the default ISP

domain.

By default, there is an ISP domain named system, which is the default

ISP domain.

2. Configuring authentication

methods for the ISP domain

Optional.

Configure authentication methods for various types of users.

By default, all types of users use local authentication.

Brand

Model

1920 Gigabit Ethernet Switch Series

HP 1920 Gigabit Ethernet Switch Series User Manual

Table of Contents

Questions and Answers:

HP 1920 Gigabit Ethernet Switch Series Specifications

Related product manuals