AAA Separation
Enabling the Selection of the RADIUS Accounting Option
If no RADIUS server is available or if the RADIUS accounting server fails when the
accounting optional
otherwise, the user will be disconnected. The user configured with the
command in RADIUS scheme will no longer send real-time accounting
optional
update packets or offline accounting packets.
Perform the following configurations in ISP Domain View.
Table 442 Enabling the Selection of the RADIUS Accounting Option
Operation
Enable the selection of RADIUS accounting option accounting optional
Disable the selection of RADIUS accounting option undo accounting optional
By default, the selection of RADIUS accounting option is disabled.
The
accounting optional
view which is only effective on the accounting that uses this RADIUS scheme. If this
command is configured both on an ISP domain and the RADIUS scheme it uses, the
latest configuration will take effect.
AAA (authentication, authorization and accounting) is a management framework for
network access control. It provides the following three services:
Authentication: Checks if a user can access the network.
■
Authorization: Authorizes a user to use a specific service.
■
Accounting: Records the network usage of a user.
■
In AAA management, you can use the authentication, authorization, and
accounting commands separately to specify a scheme for each of the three AAA
functions (authentication, authorization and accounting) respectively. This AAA
separation feature brings flexibility to AAA configuration. The following lists the
implementations of AAA separation for the services supported by AAA.
For terminal users
■
Authentication method: RADIUS, local, RADIUS-local, or none.
Authorization method: none.
Accounting method: RADIUS or none.
You can configure combined authentication, authorization and accounting schemes
depending on the methods supported by the switch according to your needs.
For FTP users
■
Only authentication is supported for FTP users.
Authentication method: RADIUS, local, or RADIUS-local.
is configured, the user can still use the network resource,
Command
command can also be configured in the RADIUS scheme
AAA Separation 413
accounting