EasyManua.ls Logo

3Com Switch 4800G 24-Port - Configuring AAA

3Com Switch 4800G 24-Port
1246 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
758 CHAPTER 53: AAA/RADIUS/HWTACACS CONFIGURATION
Configuring AAA By configuring AAA, you can provide network access service for legal users,
protect the networking devices, and avoid unauthorized access and bilking. In
addition, you can configure ISP domains to perform AAA on accessing users.
In AAA, users are divided into lan-access users (such as 802.1x users and MAC
authentication users), login users (such as SSH, Telnet, FTP, and terminal access
users), and command line users (that is, command line authentication users).
Except for command line users, you can configure separate
authentication/authorization/accounting policies for all the other type of users.
Command line users can be configured with authorization policy independently.
Configuration
Prerequisites
For remote authentication, authorization, or accounting, you must create the
RADIUS or HWTACACS scheme first.
RADIUS scheme: Reference a configured RADIUS scheme to implement
authentication/authorization and accounting. For RADIUS scheme
configuration, refer to “Configuring RADIUS” on page 765.
HWTACACS scheme: Reference a configured HWTACACS scheme to
implement authentication/authorization and accounting. For HWTACACS
scheme configuration, refer to “Configuring HWTACACS” on page 771.
Creating an ISP Domain For the NAS, each accessing user belongs to an ISP domain. Up to 16 ISP domains
can be configured on a NAS. If a user does not provide the ISP domain name, the
system considers that the user belongs to the default ISP domain.
Follow these steps to create an ISP domain:
n
You cannot delete the default ISP domain unless you change it to a non-default
ISP domain (with the domain default disable command) first.
If a user enters a username without an ISP domain name, the device uses the
authentication scheme for the default ISP domain to authenticate the user.
Configuring ISP Domain
Attributes
Follow these steps to configure ISP domain attributes:
To do… Use the command… Remarks
Enter system view system-view -
Create an ISP domain and
enter ISP domain view
domain isp-name Required
Return to system view quit -
Specify the default ISP domain domain default { disable |
enable isp-name }
Optional
The system-default ISP
domain named system by
default
To do… Use the command… Remarks
Enter system view system-view -
Create an ISP domain and
enter ISP domain view
domain isp-name Required

Table of Contents

Related product manuals