45
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter ISP domain view.
domain
isp-name
N/A
3. Place the ISP domain to the
active or blocked state.
state
{
active
|
block
}
Optional.
By default, an ISP domain is in
active state, and users in the
domain can request network
services.
4. Specify the maximum
number of online users in
the ISP domain.
access-limit enable
max-user-number
Optional.
No limit is specified by default.
5. Configure the idle cut
function.
idle-cut enable
minute [ flow ]
Optional.
Disabled by default.
This command is effective only on
LAN, portal, and PPP users.
6. Enable the self-service
server location function and
specify the URL of the
self-service server.
self-service-url enable
url-string
Optional.
Disabled by default.
7. Define an IP address pool
for allocating addresses to
PPP users.
ip pool
pool-number
{ low-ip-address
[ high-ip-address ] |
remote
server-ip-address }
Optional.
By default, no IP address pool is
configured for PPP users.
8. Specify the default
authorization user profile.
authorization-attribute
user-profile
profile-name
Optional.
By default, an ISP domain has no
default authorization user profile.
9. Set the device to include
the idle cut time in the user
online time to be uploaded
to the server.
session-time include-idle-time
Optional.
By default, the user online time
uploaded to the server excludes the
idle cut time.
Configuring authentication methods for an ISP domain
In AAA, authentication, authorization, and accounting are separate processes. Authentication refers
to the interactive authentication process of username/password/user information during an access
or service request. The authentication process neither sends authorization information to a
supplicant nor triggers any accounting.
AAA supports the following authentication methods:
• No authentication (none)—No authentication is performed. This method trusts all users and is
not for general use.
• Local authentication (local)—Authentication is performed by the NAS, which is configured
with the user information, including the usernames, passwords, and attributes. Local
authentication allows high speed and low cost, but the amount of information that can be stored
is limited by the size of the storage space.
• Remote authentication (scheme)—The NAS cooperates with a RADIUS or HWTACACS
server to authenticate users. Remote authentication provides centralized information
management, high capacity, high reliability, and support for centralized authentication service
for multiple NASs. You can configure local or no authentication as the backup method, which
will be used when the remote server is not available. The no authentication method can only be
configured for LAN users as the backup method of remote authentication.
To Next Page
Loading...
Need help?
General
