Operation Manual - Security
Quidway S6500 Series Ethernet Switches
Chapter 2 AAA and RADIUS Protocol
Configuration
Huawei Technologies Proprietary
2-5
different ISPs. Because the attributes of ISP users, such as username and password
formats, etc, may be different, it is necessary to differentiate them by ISP domains.
For a switch, each supplicant belongs to an ISP domain. Up to 16 domains can be
configured in the system. If a user has not reported its ISP domain name, the system
will put it into the default domain.
Perform the following configurations in system view.
Table 2-2 Creating/deleting an ISP domain
Operation Command
Create ISP domain or enter the view of a
specified domain.
domain isp-name
Remove a specified ISP domain
undo domain isp-name
Enable the default ISP domain specified by
isp-name
domain default enable isp-name
Restore the default ISP domain to “system”
domain default disable
By default, a domain named “system” has been created in the system. Its attributes are
all default values.
II. Configuring the AAA scheme
The AAA schemes includes:
z RADIUS scheme (radius-scheme): You can reference an already configured
radius-scheme-name to implement the AAA services.
z Local scheme (local): Only authentication and authorization are implemented;
accounting is not implemented.
z None (none): No authentication and accounting.
When using radius-scheme radius-scheme-name local in the configuration command,
the local refers to the alternative authentication scheme if the RADIUS server returns
no normal response. That is, when the RADIUS server operates normally, the local
scheme is not used; otherwise, the local scheme is used.
Perform the following configuration in ISP domain view.
Table 2-3 Configuring AAA scheme adopted by the ISP domain
Operation Command
Configure an AAA scheme for the
domain.
scheme { radius-scheme
radius-scheme-name [ local ] | local | none }
Configure an RADIUS scheme
radius-scheme radius-scheme-name
Restore the default AAA scheme. undo scheme [ radius-scheme | none ]
To Next Page
Loading...
Need help?
General
