3Com 3C13636 Configuration Manual page 1012

3Com Router 3000 Ethernet Family
Configuration Guide
and accounting are accomplished by the specified RADIUS or HWTACAS scheme.
That is, you cannot specify a separate scheme for authentication, authorization, or
accounting.
If you specify to use the local authentication scheme, only authentication and
authorization are implemented, and no accounting is implemented.
If you configure the scheme radius-scheme radius-scheme-name local or scheme
authentication hwtacacs-scheme hwtacacs-scheme-name local command, the
local authentication scheme is the alternate scheme for use when the RADIUS server
or TACACS server is not responding properly. That is, the local authentication scheme
is used only when the RADIUS server or TACACS server is not available.
If you want the system to use the local scheme as the first scheme, the local
authentication scheme is the only scheme for authentication, and you cannot configure
any RADIUS or HWTACACS scheme at the same time, or configure to use no
authentication scheme. That is, you can only specify the local keyword in the scheme
command. The same is true for the none keyword.
Perform the following configuration in ISP domain view.
Table 2-5 Configure the related attributes of the ISP domain
Configure an AAA scheme for the
domain.
Restore the default AAA scheme.
The default AAA scheme is local.
2) Separated mode
In separated mode, you can use the authentication, authorization, and the
accounting commands to configure schemes for authentication, authorization, and
accounting separately. For example, you can configure the system to use a RADIUS
scheme for authentication and authorization and a HWTACACS scheme for accounting
optionally. This mode supports more flexible and rich combinations of schemes.
The following describes details about the implementation of services supported by AAA
in separated mode.
For terminal users
Authentication: The scheme can be RADIUS, HWTACACS, local, RADIUS and local,
HWTACACS and local, or none.
Authorization: The scheme can be HWTACACS or none.
Operation
3Com Corporation
2-11
Chapter 2 AAA and RADIUS/HWTACACS Protocol
Command
scheme {
radius-scheme-name
hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local
| none }
undo scheme [ radius-scheme |
hwtacacs-scheme | none ]
Configuration
radius-scheme
[ local ] |