250
C
9: AAA
HAPTER
AND
Configuring AAA
RADIUS O
PERATION
Figure 3 Networking with Switch 7700 Applying RADIUS Authentication
PC use1
PC user2
Switch 7700
PC user3
PC user4
Switch 7700
AAA configuration includes tasks that are described in the following sections:
Creating/Deleting an ISP Domain
■
Configuring Relevant Attributes of an ISP Domain
■
Creating a Local User
■
Setting Attributes of a Local User
■
Disconnecting a User by Force
■
Among the above configuration tasks, creating ISP domain is required; otherwise
the supplicant attributes cannot be distinguished. The other tasks are optional.
You can configure them at requirements.
Creating/Deleting an ISP Domain
ISP domain is a group of users belonging to the same ISP. Taking
gw20010608@3com163.net as an example in the userid@isp-name format, the
isp-name (i.e. 3com163.net) following the @ is the ISP domain name. When the
Switch 7700 control user access, as for an ISP user whose username is in
userid@isp-name format, the system will take userid part as username for
identification and take isp-name part as domain name.
The purpose of introducing ISP domain settings is to support the multi-ISP
application environment. In such environment, one access device might access
users of different ISP. Because the attributes of ISP users, such as username and
password formats, etc., may be different, it is necessary to differentiate them
through setting ISP domain. In the Switch 7700 ISP domain view, you can
configure a complete set of exclusive ISP domain attributes on a per-ISP domain
basis, which includes AAA policy (RADIUS server group applied etc.)
For the Switch 7700, each supplicant belongs to an ISP domain. Up to 16 domains
can be configured in the system. If a user has not reported its ISP domain name,
the system will put it into the default domain.
Switch 7700
Switch 7700
Internet
Authentication
server
Accounting
server1
ISP1
ISP2