Configuring AAA 759
n
A self-service RADIUS server, for example, CAMS, is required for the self-service
server localization function. With the self-service function, a user can manage and
control his or her accounting information or module number. A server with
self-service software is a self-service server.
Configuring an AAA
Authentication Scheme
for an ISP Domain
In AAA, authentication, authorization, and accounting are three separate
processes. Authentication refers to the interactive authentication process of
username/password/user information during access or service request. The
authentication process neither sends authorization information to a supplicant nor
triggers any accounting. You can configure AAA to use only authentication. If you
do not perform any authentication configuration, the system-default ISP domain
uses the local authentication scheme.
Before configuring an authentication scheme, complete these three tasks:
■ For RADIUS or HWTACACS authentication, configure the RADIUS or
HWTACACS scheme to be referenced first. The local and none authentication
modes do not require any scheme.
■ Determine the access mode or service type to be configured. With AAA, you
can configure an authentication scheme specifically for each access mode and
service type, limiting the authentication protocols that can be used for access.
■ Determine whether to configure an authentication scheme for all access modes
or service types.
Follow these steps to configure an AAA authentication scheme for an ISP domain:
Place the ISP domain to the
state of active or blocked
state { active | block } Optional
When created, an ISP is in the
state of active by default, and
users in the domain can
request network services.
Specify the maximum number
of users in the ISP domain
access-limit { disable |
enable max-user-number }
Optional
No limit by default
Configure the idle cut
function
idle-cut { disable | enable
minute }
Optional
Disabled by default
Enable the self-service server
localization function and
specify the URL of the
self-service server for
changing user password
self-service-url { disable |
enable url-string }
Optional
Disabled by default
To do… Use the command… Remarks
To do… Use the command… Remarks
Enter system view system-view -
Create an ISP domain and
enter ISP domain view
domain isp-name Required
To Next Page
Loading...
