EasyManua.ls Logo

3Com Switch 4800G 24-Port - Page 762

3Com Switch 4800G 24-Port
1246 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
762 CHAPTER 53: AAA/RADIUS/HWTACACS CONFIGURATION
If the primary authentication scheme is local or none, the system performs
local authorization or does not perform any authorization, rather than uses the
RADIUS or HWTACACS scheme.
Authorization information of the RADIUS server is sent to the RADIUS client
along with the authorization response message; therefore, you cannot specify
a separate RADIUS server. If you use RADIUS for authorization and
authentication, you must use the same scheme setting for authorization and
authentication; otherwise, the system will prompt you with an error message.
Configuring an AAA
Accounting Scheme for
an ISP Domain
In AAA, accounting is a separate process at the same level as authentication and
authorization. Its responsibility is to send accounting start/update/end requests to
the specified accounting server. Accounting is not required, and therefore
accounting scheme configuration is optional. If you do not perform any
accounting configuration, the system-default domain uses the local accounting
scheme.
Before configuring an authorization scheme, complete these three tasks:
1 For RADIUS or HWTACACS accounting, configure the RADIUS or HWTACACS
scheme to be referenced first. The local and none authentication modes do not
require any scheme.
2 Determine the access mode or service type to be configured. With AAA, you can
configure an accounting scheme specifically for each access mode and service
type, limiting the accounting protocols that can be used for access.
3 Determine whether to configure an accounting scheme for all access modes or
service types.
Follow these steps to configure an AAA accounting scheme for an ISP domain:
To do… Use the command… Remarks
Enter system view system-view -
Create an ISP domain and
enter ISP domain view
domain isp-name Required
Enable the accounting
optional feature
accounting optional Optional
Disabled by default
Specify the default accounting
scheme for all types of users
accounting default
{ hwtacacs-scheme
hwtacacs-scheme-name
[ local ] | local | none |
radius-scheme
radius-scheme-name
[ local ]}
Optional
Local by default
Specify the accounting
scheme for LAN access users
accounting lan-access
{ local | none |
radius-scheme
radius-scheme-name
[ local ]}
Optional
The default accounting
scheme is used by default.

Table of Contents

Related product manuals