command has been executed, though it cannot perform accounting for the
user in this case.
■ The self-service server location function needs the cooperation of a RADIUS
server that supports self-service, such as a comprehensive access management
server (CAMS). Through self-service, users can manage and control their
account or card numbers by themselves. A server installed with self-service
software is called a self-service server.
■ 3Com’s CAMS Server is a service management system used to manage
networks and ensure network and user information security. With the
cooperation of other networking devices (such as switches) in a network, a
CAMS server can implement the AAA functions and rights management.
Configuring an AAA Scheme for an ISP Domain
You can configure either of the following AAA schemes:
Configuring a combined AAA scheme
You can use the scheme command to specify an AAA scheme for an ISP domain.
If you specify a RADIUS scheme, authentication, authorization and accounting
are all implemented by the RADIUS server(s) specified in that RADIUS
scheme. With a combined scheme, you cannot specify different schemes for
authentication, authorization and accounting.
CAUTION:
■ You can execute the scheme radius-scheme radius-scheme-name command
to adopt an already configured RADIUS scheme to implement all three
AAA functions. If you adopt the local scheme, only the authentication and
authorization functions are implemented; the accounting function cannot be
implemented.
■ If you execute the scheme radius-scheme radius-scheme-name local
command, the local scheme is used as the secondary scheme in case no
RADIUS server is available. That is, if the communication between the switch
and a RADIUS server is normal, no local authentication is performed;
otherwise, local authentication is performed.
■ If you execute the scheme local or scheme none command to adopt local or
none as the primary scheme, local authentication or no authentication is
performed, respectively. In this case you cannot specify any RADIUS
scheme at the same time.
■ If you execute the scheme none command, the FTP users in the domain will
not pass authentication. So, to allow users to use the FTP service, do
not use the none scheme.
Table 183 Configure a combined AAA scheme

Operation                           Command                           Remarks
----------------------------------  --------------------------------  ------------------------------
Enter system view                   system-view                       -
Create an ISP domain and enter its  domain isp-name                   Required
view, or enter the view of an
existing ISP domain
Configure an AAA scheme for the     scheme { local | none |           Required
ISP domain                          radius-scheme radius-scheme-name  By default, an ISP domain uses
                                    [ local ] }                       the local AAA scheme.
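
As an added example (not from the 3Com guide), the Python script below audits saved configuration text against the cautions above and reports, for each ISP domain, what its scheme line implies. The configuration layout (a domain line followed by indented settings), the domain names and the RADIUS scheme name rs1 are assumptions made for illustration.

```python
import re

# Constructed sample; the "domain <name>" line followed by indented settings is
# an assumed saved-configuration layout, not output copied from a real switch.
SAMPLE_CONFIG = """\
domain corp.example
 scheme radius-scheme rs1 local
domain lab.example
 scheme radius-scheme rs1
domain guest.example
 scheme none
domain legacy.example
 scheme local
domain untouched.example
"""

SCHEME_RE = re.compile(r"^scheme\s+(local|none|radius-scheme\s+(\S+)(\s+local)?)\s*$")


def audit_domains(config_text):
    """Return {domain: [findings]} for every ISP domain in config_text."""
    schemes = {}          # domain name -> scheme line (None = never configured)
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("domain "):
            current = line.split(None, 1)[1]
            schemes[current] = None
        elif current and line.startswith("scheme "):
            schemes[current] = line
        elif raw and not raw[0].isspace():
            current = None  # a new top-level line ends the domain view
    report = {}
    for name, line in schemes.items():
        m = SCHEME_RE.match(line) if line else None
        if line is None:
            notes = ["no scheme set: the default local scheme applies, no accounting"]
        elif m is None:
            notes = ["unrecognized scheme line: " + line]
        elif m.group(1) == "none":
            notes = ["no authentication; FTP users in this domain cannot log in"]
        elif m.group(1) == "local":
            notes = ["local only: authentication and authorization, no accounting"]
        elif m.group(3):
            notes = ["local fallback is used when no RADIUS server is available"]
        else:
            notes = []  # RADIUS only: all three AAA functions on the server
        report[name] = notes
    return report
```

Calling audit_domains(SAMPLE_CONFIG) returns an empty finding list only for lab.example, the one domain where the RADIUS scheme alone handles authentication, authorization and accounting.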