43
Step Command Remarks
4. Specify the maximum number
of online users in the ISP
domain.
access-limit enable
max-user-number
Optional.
No limit by default.
5. Configure the idle cut function.
idle-cut enable minute [ flow ]
Optional.
Disabled by default.
This command is effective for only
LAN users and portal users.
6. Enable the self-service server
location function and specify
the URL of the self-service
server.
self-service-url enable url-string
Optional.
Disabled by default.
7. Specify the default
authorization user profile.
authorization-attribute
user-profile profile-name
Optional.
By default, an ISP domain has no
default authorization user profile.
8. Set a DSCP value for the ISP
domain.
dscp dscp-value
Optional.
By default, no DSCP value is specified
for an ISP domain.
Configuring AAA authentication methods for an ISP domain
In AAA, authentication, authorization, and accounting are separate processes. Authentication refers to
the interactive authentication process of username/password/user information during an access or
service request. The authentication process does not send authorization information to a supplicant or
trigger accounting.
AAA supports the following authentication methods:
• No authentication (none)—All users are trusted and no authentication is performed. Generally, do
not use this method.
• Local authentication (local)—Authentication is performed by the NAS, which is configured with the
user information, including the usernames, passwords, and attributes. Local authentication allows
high speed and low cost, but the amount of information that can be stored is limited by the size of
the storage space.
• Remote authentication (scheme)—The NAS cooperates with a RADIUS, or HWTACACS server to
authenticate users. Remote authentication provides centralized information management, high
capacity, high reliability, and support for centralized authentication service for multiple NASs. You
can configure local or no authentication as the backup method, which is used when the remote
server is not available. No authentication can only be configured for LAN users as the backup
method of remote authentication.
You can configure AAA authentication to work alone without authorization and accounting. By default,
an ISP domain uses the local authentication method.
Before configuring authentication methods, complete the following tasks:
1. For RADIUS or HWTACACS authentication, configure the RADIUS or HWTACACS scheme to be
referenced first. The local and none authentication methods do not require a scheme.
To Next Page
Loading...
