Domain-based user management····························································································································352

Configuring AAA ····························································································································································352

Configuration prerequisites······································································································································352 Configuration task list···············································································································································352

Configuring an ISP domain ·····································································································································353

Configuring authentication methods for the ISP domain ······················································································354

Configuring authorization methods for the ISP domain························································································355

Configuring accounting methods for the ISP domain ···························································································356

AAA configuration example ··········································································································································358

RADIUS configuration ············································································································································· 363

Introduction to RADIUS·············································································································································363

Client/server model··················································································································································363

Security and authentication mechanisms ···············································································································363

Basic message exchange process of RADIUS ·······································································································364

RADIUS packet format··············································································································································365

Extended RADIUS attributes·····································································································································367

Protocols and standards···········································································································································368

Configuring RADIUS·······················································································································································368

Configuration task list···············································································································································368

Configuring RADIUS servers····································································································································369

Configuring RADIUS parameters ····························································································································370

RADIUS configuration example·····································································································································373

Configuration guidelines················································································································································378

Users ········································································································································································ 379

Configuring users····························································································································································379

Configuring a local user ··········································································································································379

Configuring a user group ········································································································································381

PKI configuration ····················································································································································· 383

PKI overview····································································································································································383

PKI terms ····································································································································································383

Architecture of PKI ····················································································································································383

Applications of PKI ···················································································································································384

Operation of PKI ·······················································································································································385

Configuring PKI·······························································································································································385

Configuration task list···············································································································································385

Creating a PKI entity·················································································································································388

Creating a PKI domain·············································································································································389

Generating an RSA key pair ···································································································································392

Destroying the RSA key pair····································································································································392

Retrieving a certificate··············································································································································393 Requesting a local certificate···································································································································395

Retrieving and displaying a CRL·····························································································································396

PKI configuration example·············································································································································397

Configuring a PKI entity to request a certificate from a CA·················································································397

Configuration guidelines················································································································································402

Port isolation group configuration·························································································································· 403

Overview ·········································································································································································403

Configuring a port isolation group ·······························································································································403

Port isolation group configuration example·················································································································404
