Operation Manual – AAA-RADIUS-HWTACACS-EAD
H3C S3600 Series Ethernet Switches-Release 1510
Chapter 1 AAA & RADIUS & HWTACACS
Configuration
1-18
Table 1-8 Configure separate AAA schemes
Operation Command Description
Enter system view
system-view
—
Create an ISP domain
and enter its view, or enter
the view of an existing ISP
domain
domain isp-name
Required
Configure an
authentication scheme for
the ISP domain
authentication
{ radius-scheme
radius-scheme-name
[ local ] |
hwtacacs-scheme
hwtacacs-scheme-name
[ local ] | local | none }
Optional
By default, no separate
authentication scheme is
configured.
Configure an
authorization scheme for
the ISP domain
authorization { none |
hwtacacs-scheme
hwtacacs-scheme-name }
Optional
By default, no separate
authorization scheme is
configured.
Configure an accounting
scheme for the ISP
domain
accounting { none |
radius-scheme
radius-scheme-name |
hwtacacs-scheme
hwtacacs-scheme-name }
Optional
By default, no separate
accounting scheme is
configured.
Note:
z If a combined AAA scheme is configured as well as the separate authentication,
authorization and accounting schemes, the separate ones will be adopted in
precedence.
z RADIUS scheme and local scheme do not support the separation of authentication
and authorization. Therefore, pay attention when you make authentication and
authorization configuration for a domain: When the scheme radius-scheme or
scheme local command is executed and the authentication command is not
executed, the authorization information returned from the RADIUS or local scheme
still takes effect even if the authorization none command is executed.
1.3.5 Configuring Dynamic VLAN Assignment
The dynamic VLAN assignment feature enables a switch to dynamically add the switch
ports of successfully authenticated users to different VLANs according to the attributes
assigned by the RADIUS server, so as to control the network resources that different
users can access.
To Next Page
Loading...
Need help?
General