37
Configuration prerequisites
To use local authentication for users in an ISP domain, configure local user accounts (see "Configuring
local user attributes") on the access device.
To use remote authentication, authorization, and accounting, create the required RADIUS and
HWTACACS schemes as described in "Configuring RADIUS schemes" and "Configuring HWTACACS
sc
hemes."
Creating an ISP domain
In a networking scenario with multiple ISPs, an access device may connect users of different ISPs.
Because users of different ISPs may have different user attributes (for example, different username and
password structure, service type, and rights), you must configure ISP domains to distinguish the users and
configure different AAA methods for the ISP domains.
On a NAS, each user belongs to an ISP domain. A NAS can accommodate up to 16 ISP domains,
including the factory default ISP domain, which is named system. If a user does not provide the ISP
domain name at login, the system considers that the user belongs to the default ISP domain.
Follow these steps to create an ISP domain:
To do… Use the command… Remarks
Enter system view system-view —
Create an ISP domain and enter
ISP domain view
domain isp-name Required
Return to system view quit —
Specify the default ISP domain
domain default enable
isp-name
Optional
By default, the default ISP domain is the
factory default ISP domain system.
NOTE:
To delete the default ISP domain, you must change it to a non-default ISP domain (with the undo domain
default enable command) first.
Configuring ISP domain attributes
Follow these steps to configure ISP domain attributes:
To do… Use the command… Remarks
Enter system view system-view —
Enter ISP domain view domain isp-name —
Place the ISP domain to the state of
active or blocked
state { active | block }
Optional
By default, an ISP domain is in the
active state, and users in the domain
can request network services.
To Next Page
Loading...
