3Com 7757 Configuration Manual page 520

3com switch 7750 family

CHAPTER 49: AAA & RADIUS & HWTACACS CONFIGURATION

Configuring an AAA Scheme for an ISP Domain

3Com's CAMS Server is a service management system used to manage networks and to secure networks and user information. Working with other network devices (such as switches) in a network, the CAMS Server implements the AAA (authentication, authorization and accounting) services and rights management.

You can configure an AAA scheme in one of the following two ways:

Configuring a bound AAA scheme

You can use the scheme command to specify an AAA scheme. If you specify a RADIUS or HWTACACS scheme, authentication, authorization and accounting are all implemented by the RADIUS server or TACACS server specified in that RADIUS or HWTACACS scheme. With this method, you cannot specify different schemes for authentication, authorization and accounting.

Table 401 Configure an AAA scheme for an ISP domain

Operation: Enter system view
Command: system-view
Description: -

Operation: Create an ISP domain or enter the view of an existing ISP domain
Command: domain isp-name
Description: Required

Operation: Configure an AAA scheme for the ISP domain
Command: scheme { local | none | radius-scheme radius-scheme-name [ local ] | hwtacacs-scheme hwtacacs-scheme-name [ local ] }
Description: Required. By default, the ISP domain uses the local AAA scheme.

Operation: Configure a RADIUS scheme for the ISP domain
Command: radius-scheme radius-scheme-name
Description: Optional. This function can also be implemented by using the scheme command to specify the RADIUS scheme to be used.

CAUTION:
- You can execute the scheme command with the radius-scheme-name argument to adopt an already configured RADIUS scheme to implement all three AAA functions. If you adopt the local scheme, only the authentication and authorization functions are implemented; the accounting function cannot be implemented.
- If you execute the scheme radius-scheme radius-scheme-name local command, the local scheme becomes the secondary scheme, used in case the RADIUS server does not respond normally. That is, if the communication between the switch and the RADIUS server is normal, no local authentication is performed; otherwise, local authentication is performed.
- If you execute the scheme hwtacacs-scheme hwtacacs-scheme-name local command, the local scheme becomes the secondary scheme, used in case the TACACS server does not respond normally. That is, if the communication between the switch and the TACACS server is normal, no local authentication is performed; otherwise, local authentication is performed.
- If you adopt local or none as the primary scheme, either local authentication is performed or no authentication is performed. In this case, you cannot perform RADIUS authentication at the same time.
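
The scheme rules above lend themselves to a configuration check. The following Python code is an added example, not part of the 3Com manual: it parses domain-view lines using the Table 401 syntax and reports, for each ISP domain, the effective scheme and the caveat this page states for it. The input layout (a domain line followed by that domain's commands), the sample names, and the rule that a later command replaces an earlier one are assumptions.

```python
import re

# Domain-view syntax from Table 401:
#   scheme { local | none | radius-scheme NAME [ local ] | hwtacacs-scheme NAME [ local ] }
#   radius-scheme NAME
SCHEME_RE = re.compile(
    r"scheme\s+(?:(local|none)|(radius-scheme|hwtacacs-scheme)\s+(\S+)(?:\s+(local))?)$")
RADIUS_RE = re.compile(r"radius-scheme\s+(\S+)$")

def parse_scheme(line):
    """Return (primary, scheme_name, local_fallback), or None for unrelated lines."""
    line = line.strip()
    m = SCHEME_RE.match(line)
    if m:
        return (m.group(1) or m.group(2)), m.group(3), m.group(4) is not None
    m = RADIUS_RE.match(line)
    if m:
        return "radius-scheme", m.group(1), False
    if line.startswith("scheme"):
        raise ValueError(f"not valid scheme syntax: {line!r}")
    return None

def caveat(primary, fallback):
    """Caveat this page states for the chosen scheme, or None if it states none."""
    if primary == "none":
        return "no authentication is performed"
    if primary == "local":
        return "no accounting: local does authentication and authorization only"
    if fallback:
        return "local authentication is used if the server does not respond normally"
    return None

def audit(config_text):
    """Map each ISP domain name to (primary, scheme_name, local_fallback, caveat)."""
    domains, current = {}, None
    for line in config_text.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "domain":
            current = words[1]
            domains[current] = ("local", None, False)  # Table 401 default: local
        elif current is not None and (parsed := parse_scheme(line)):
            domains[current] = parsed  # assumption: a later command replaces an earlier one
    return {d: v + (caveat(v[0], v[2]),) for d, v in domains.items()}

# Constructed sample; the domain and scheme names are made up for illustration.
SAMPLE = ("domain corp\n scheme radius-scheme rs1 local\n"
          "domain lab\n scheme none\n"
          "domain guest\n"
          "domain ops\n scheme hwtacacs-scheme tac1\n")
```

Calling audit(SAMPLE) reports corp as RADIUS with local fallback, lab as unauthenticated, guest on the default local scheme, and ops on HWTACACS with no fallback.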

This manual is also suitable for: 7750, 7758, 7754
