| To do… | Use the command… | Remarks |
|---|---|---|
| Specify the maximum number of active users in the ISP domain | access-limit enable max-user-number | Optional. No limit by default. |
| Configure the idle cut function | idle-cut enable minute [ flow ] | Optional. Disabled by default. This command is effective only for LAN users and portal users. |
| Configure the self-service server location function | self-service-url enable url-string | Optional. Disabled by default. |
| Specify the default authorization user profile | authorization-attribute user-profile profile-name | Optional. By default, an ISP domain has no default authorization user profile. |
NOTE:
• If a user passes authentication but is authorized with no user profile, the device assigns the default
user profile of the ISP domain to the user and restricts the user's behavior based on that profile. For more
information about user profiles, see the chapter "User profile configuration."
• A self-service RADIUS server, such as Intelligent Management Center (iMC), is required for the
self-service server location function to work. With the self-service function, a user can manage and
control his or her accounting information or card number. A server with self-service software is a
self-service server.
Configuring AAA authentication methods for an ISP domain
In AAA, authentication, authorization, and accounting are separate processes. Authentication is the
interactive process of verifying the username, password, and other user information during an access or
service request. The authentication process neither sends authorization information to a supplicant nor
triggers any accounting.
AAA supports the following authentication methods:
• No authentication—All users are trusted and no authentication is performed. Generally, do not use
this method.
• Local authentication—Authentication is performed by the NAS, which is configured with the user
information, including the usernames, passwords, and attributes. Local authentication features high
speed and low cost, but the amount of information that can be stored is limited by the hardware.
• Remote authentication—The access device cooperates with a RADIUS or HWTACACS server to
authenticate users. The device can use the standard RADIUS protocol or extended RADIUS protocol
in collaboration with systems like iMC to implement user authentication. Remote authentication
features centralized information management, high capacity, high reliability, and support for
centralized authentication service for multiple access devices. You can configure local or no
authentication as the backup method to be used when the remote server is not available. No
authentication can only be configured for LAN users as the backup method of remote
authentication.
You can configure AAA authentication to work alone without authorization and accounting. By default,
an ISP domain uses the local authentication method.
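The following audit is an added example, not part of the original guide: it flags ISP domains where no authentication is the primary method or the backup for a remote scheme, and notes domains that rely on the default local method. The sample configuration is constructed, and the `domain` and `authentication <access-type> <methods>` line syntax is an assumption about the device CLI that does not appear on this page.

```python
# Constructed sample config (not from the guide). The "domain" and
# "authentication <access-type> <methods>" syntax is an assumption.
SAMPLE_CONFIG = """\
domain corp
 authentication lan-access radius-scheme rs1 local
 access-limit enable 500
domain guest
 authentication lan-access radius-scheme rs1 none
domain lab
 authentication default none
domain branch
 idle-cut enable 20
"""

def parse_methods(tokens):
    """Map ['radius-scheme', 'rs1', 'none'] to ['remote', 'none']."""
    methods, it = [], iter(tokens)
    for tok in it:
        if tok in ("radius-scheme", "hwtacacs-scheme"):
            next(it, None)              # skip the scheme name
            methods.append("remote")
        else:
            methods.append(tok)
    return methods

def audit(config_text):
    """Return (domain, access_type, finding) tuples in config order."""
    findings, domain, has_auth = [], None, {}
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():        # top-level line starts a new context
            domain = words[1] if words[0] == "domain" and len(words) > 1 else None
            if domain:
                has_auth[domain] = False
            continue
        if domain is None or words[0] != "authentication" or len(words) < 3:
            continue
        has_auth[domain] = True
        methods = parse_methods(words[2:])
        if methods[0] == "none":        # all users trusted
            findings.append((domain, words[1], "no-auth"))
        elif "none" in methods[1:]:     # open access when the server is down
            findings.append((domain, words[1], "fail-open"))
    # Domains with no explicit method fall back to local authentication.
    findings += [(d, "default", "implicit-local") for d, ok in has_auth.items() if not ok]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding)
```

A "fail-open" finding means that an outage of the RADIUS or HWTACACS server admits LAN users without any credential check, so such domains deserve review before local is ruled out as the backup.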