Configuration Guide AAA Configuration
Domain-name-based AAA service configuration example
The domain-name-based AAA service is applied to the IEEE802.1x
authentication service. For the detailed IEEE802.1x protocol configurations,
please refer to the chapter of 802.1x Configuration.
Overview
In the multi-domain environment, one NAS(Network Access Switch) can provide the AAA
service for the users in different domains. Due to the different user attributes(such as the
username, password, service type, privilege, ect) in each domain, it needs to tell them apart by
setting the domain method and set the attribute collection for each domain, including the AAA
service method list.
Ruijie product supports the following types of username:
1. userid@domain-name
2. domain-name\userid
3. userid.domain-name
4. userid
For the type4 username, i.e., userid, without the domain-name, its domain-name
is default.
The followings are the basic principles for the domain-name-based AAA service:
Resoluting the domain-name carried by the user
Searching for the user domain according to the domain-name
Searching for the AAA service method list-name according to the domain configurations
Searching the corresponding method list according to the method list-name in the system
Providing the AAA service using the method list
One of the abovementioned steps fails, the AAA service cannot be used.
The following is the typical topology in the multi-domain environment:
To Next Page
Loading...
