Operation Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration
Huawei Technologies Proprietary
3-3
Internet
S3500 series
PC user1
PC user2
PC user3
PC user4
S3500 series
S3000 series
S2000 series
ISP1
ISP2
Internet
Authentication
Server
Accounting
Server1
InternetInternet
S3500 series
PC user1
PC user2
PC user3
PC user4
S3500 series
S3000 series
S2000 series
ISP1
ISP2
Internet
Authentication
Server
Accounting
Server1
Figure 3-1 Networking when S3500 Series Ethernet Switches applying RADIUS
authentication
3.2 AAA Configuration
AAA configuration includes:
z Creating/Deleting ISP Domain
z Configuring Relevant Attributes of ISP Domain
z Creating a local user
z Setting attributes of local user
z Disconnecting a user by force
z Configuring Dynamic VLAN with RADIUS Server
Among the above configuration tasks, creating ISP domain is compulsory, otherwise
the supplicant attributes cannot be distinguished. The other tasks are optional. You can
configure them at requirements.
3.2.1 Creating/Deleting ISP Domain
What is Internet Service Provider (ISP) domain? To make it simple, ISP domain is a
group of users belonging to the same ISP. Generally, for a username in the
userid@isp-name format, taking gw20010608@huawei163.net as an example, the
isp-name (i.e. huawei163.net) following the @ is the ISP domain name. When Quidway
Series Switches control user access, as for an ISP user whose username is in
userid@isp-name format, the system will take userid part as username for identification
and take isp-name part as domain name.
The purpose of introducing ISP domain settings is to support the multi-ISP application
environment. In such environment, one access device might access users of different
ISP. Because the attributes of ISP users, such as username and password formats, etc,
may be different, it is necessary to differentiate them through setting ISP domain. In
To Next Page
Loading...
Need help?
General
