Configuring AAA authentication for VPN users on LAC side
You can configure an LAC to perform AAA authentication for VPN users and initiate a tunneling request only for qualified users. No tunnel will be established for unqualified users.
The device supports both local AAA authentication and remote AAA authentication:
For local AAA authentication, create a local user and configure a password for each remote user on the LAC. The LAC authenticates a remote user by matching the provided username and password against those configured locally.
For remote AAA authentication, configure the username and password of each user on the RADIUS/HWTACACS server. The LAC sends the remote user's username and password to the server for authentication.
Configuration restrictions and guidelines
When you configure AAA authentication for VPN users on the LAC side, follow these guidelines:
For successful user authentication, configure PPP on the LAC's corresponding interface, for example, the asynchronous serial interface that connects with users. For PPP configuration information, see "Configuring PPP and MP."
Configure the authentication type of PPP users as PAP, CHAP, or MS-CHAP on the user access interfaces.
Configuration procedure
To configure local authentication, authorization, and accounting:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create a local user and enter its view. | local-user username | By default, no local user or password is configured on an LAC. |
3. Configure a password for the local user. | password { cipher \| simple } password | |
4. Authorize the user to use the PPP service. | service-type ppp | N/A |
5. Return to system view. | quit | N/A |
6. Create an ISP domain and enter its view. | domain isp-name | N/A |
7. Configure the domain to use local authentication/authorization/accounting for its PPP users. | | Optional. Local authentication/authorization/accounting is used by default. |
For information about AAA configuration commands and remote AAA authentication method configuration, see HPE FlexNetwork MSR Router Series Comware 5 Security Configuration Guide.
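The following check is an added example, not part of the HPE guide. It reads a saved configuration and verifies steps 2 through 4 for every local user authorized for PPP: a password must be present, and it should not be entered with `simple`. The sample configuration, user names and domain name are constructed, and the script assumes that sub-commands are indented under their view header and that `simple` is the plain-text form of the two keywords in step 3.

```python
import re

# Constructed sample: a view header at column 0, its sub-commands indented.
# User names, domain name and password placeholders are made up.
SAMPLE_CONFIG = """\
local-user vpdn-alice
 password cipher <ciphertext-placeholder>
 service-type ppp
local-user vpdn-bob
 password simple <plaintext-placeholder>
 service-type ppp
local-user vpdn-carol
 service-type ppp
local-user admin
 service-type telnet
#
domain example-isp
"""

def parse_local_users(config):
    """Return {username: [sub-command lines]} for every local-user view."""
    users, current = {}, None
    for line in config.splitlines():
        m = re.match(r"local-user (\S+)", line)
        if m:
            current = users.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other column-0 line closes the view
    return users

def audit_ppp_users(config):
    """Check each PPP-authorized local user against steps 2-4 of the procedure."""
    findings = {}
    for name, cmds in parse_local_users(config).items():
        services = [c.split()[1:] for c in cmds if c.startswith("service-type ")]
        if not any("ppp" in s for s in services):
            continue  # not a PPP user, so out of scope for the LAC check
        keywords = [c.split()[1] for c in cmds if c.startswith("password ")]
        issues = []
        if not keywords:
            issues.append("no password configured")
        elif "simple" in keywords:
            issues.append("password entered with 'simple'")
        findings[name] = issues
    return findings

if __name__ == "__main__":
    print(audit_ppp_users(SAMPLE_CONFIG))
```

An empty list for a user means that the password and service-type steps were both applied as the table describes.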