Configuration Guide Configuring AAA
EXEC accounting
Accounting is performed when users log in to and out of the CLI of the NAS.
Command accounting
Records are kept on the commands that users run on the CLI of the NAS.
Network accounting
Records are kept on the sessions that users set up after completing 802.1X and Web authentication to access the Internet.
Related Configuration
Enabling AAA
By default, AAA is disabled.
To enable AAA, run the aaa new-model command.
Configuring an AAA Accounting Scheme
By default, no AAA accounting method is configured.
Before you configure an AAA accounting scheme, determine whether to use local accounting or remote server-group
accounting. If remote server-group accounting needs to be implemented, configure a RADIUS or TACACS+ server in
advance. If local accounting needs to be implemented, configure the local user database information on the NAS.
Configuring an AAA Accounting Method List
By default, no AAA accounting method list is configured.
Determine the access mode to be configured in advance. Then configure accounting methods according to the access mode.
2.3.4 Multi-Domain AAA
In a multi-domain environment, the NAS can provide the AAA services to users in different domains. The user AVs (such as
usernames and passwords, service types, and permissions) may vary with different domains. It is necessary to configure
domains to differentiate the user AVs in different domains and configure an AV set (including an AAA service method list, for
example, RADIUS) for each domain.
Our products support the following username formats:
1. userid@domain-name
2. domain-name\userid
3. userid.domain-name
4. userid
The fourth format (userid) does not contain a domain name, and it is considered to use the default domain name.
The NAS provides the domain-based AAA service based on the following principles:
Resolves the domain name carried by a user.
To Next Page
Loading...
Need help?
General
