HWTACACS Configuration Task List

Task                                                                  Remarks
Creating a HWTACACS scheme                                            Required
Specifying the HWTACACS Authentication Servers                        Required
Specifying the HWTACACS Authorization Servers                         Optional
Specifying the HWTACACS Accounting Servers                            Optional
Setting the Shared Key for HWTACACS Packets                           Required
Configuring Attributes Related to the Data Sent to HWTACACS Server    Optional
Setting Timers Regarding HWTACACS Servers                             Optional
Displaying and Maintaining HWTACACS                                   Optional
 
Configuring AAA 
By configuring AAA, you can provide network access service for legitimate users, protect the networking
devices, and avoid unauthorized access and repudiation. In addition, you can configure ISP domains
to perform AAA on accessing users.
The AAA feature allows you to manage users based on their access types:
•  LAN users: Users on a LAN who access through, for example, 802.1X authentication or MAC
   address authentication.
•  Login users: Users who log in using, for example, SSH, Telnet, FTP, or HyperTerminal.
You can configure separate authentication/authorization/accounting policies for all the other types of 
users.  
For a user who has logged in to the device, AAA can provide the command authorization service to
enhance device security: the authorization server checks each command executed by the login user,
and only authorized commands can be executed successfully.
Configuration Prerequisites 
For remote authentication, authorization, or accounting, you must create the RADIUS or HWTACACS
scheme first. For RADIUS scheme configuration, refer to Configuring RADIUS. For HWTACACS
scheme configuration, refer to Configuring HWTACACS.
Creating an ISP Domain 
An Internet service provider (ISP) domain represents a group of users belonging to it. For a username 
in the userid@isp-name format, the access device considers the userid part the username for 
authentication and the isp-name part the domain name.   
In a networking scenario with multiple ISPs, an access device may connect users of different ISPs. As 
users of different ISPs may have different user attributes (such as username and password structure, 
service type, and rights), you need to configure ISP domains to distinguish the users. In addition, you 
need to configure different attribute sets including AAA methods for the ISP domains.
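
The following Python sketch is an added illustration, not device code or vendor configuration. It models how a username in the userid@isp-name format is split and how the ISP domain and access type together select the AAA methods. The domain names, method labels, the default domain for names without "@", and the rejection of unknown domains are assumptions of the sketch.

```python
from dataclasses import dataclass, field

ACCESS_TYPES = ("lan", "login")  # the two access types named above

@dataclass
class IspDomain:
    name: str
    # access type -> (authentication, authorization, accounting) methods
    per_type: dict = field(default_factory=dict)
    # methods used when an access type has no policy of its own (assumption)
    default: tuple = ("local", "local", "none")

def split_username(raw, default_domain):
    """Split userid@isp-name; a name without '@' goes to default_domain (assumption)."""
    name = raw.strip()
    userid, sep, isp = name.rpartition("@")  # last '@' separates the domain (assumption)
    if not sep:
        return name, default_domain
    if not userid or not isp:
        raise ValueError(f"malformed username: {raw!r}")
    return userid, isp

def resolve(raw, access_type, domains, default_domain="default-dom"):
    """Return the userid sent for authentication and the AAA methods that apply."""
    if access_type not in ACCESS_TYPES:
        raise ValueError(f"unknown access type: {access_type!r}")
    userid, isp = split_username(raw, default_domain)
    domain = domains.get(isp)
    if domain is None:
        # Sketch's choice: reject unknown domains rather than fall back silently.
        raise LookupError(f"no ISP domain named {isp!r}")
    authn, authz, acct = domain.per_type.get(access_type, domain.default)
    return {"userid": userid, "domain": isp, "authentication": authn,
            "authorization": authz, "accounting": acct}

# Constructed sample domains; names and method choices are hypothetical.
DOMAINS = {
    "isp-a": IspDomain("isp-a", {"login": ("hwtacacs", "hwtacacs", "hwtacacs"),
                                 "lan": ("radius", "radius", "radius")}),
    "isp-b": IspDomain("isp-b"),
    "default-dom": IspDomain("default-dom"),
}

if __name__ == "__main__":
    for raw, kind in [("alice@isp-a", "login"), ("alice@isp-a", "lan"),
                      ("bob@isp-b", "login"), ("carol", "login")]:
        print(raw, kind, resolve(raw, kind, DOMAINS))
```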