H3C S5600 SERIES Operation Manual page 512

1 AAA Overview ············································································································································1-1
Introduction to AAA ·································································································································1-1
Authentication··································································································································1-1
Authorization····································································································································1-2
Accounting·······································································································································1-2
Introduction to ISP Domain ·············································································································1-2
Introduction to AAA Services ··················································································································1-2
Introduction to RADIUS ···················································································································1-2
Introduction to HWTACACS ············································································································1-7
2 AAA Configuration ····································································································································2-1
AAA Configuration Task List ···················································································································2-1
Creating an ISP Domain and Configuring Its Attributes ··································································2-2
Configuring an AAA Scheme for an ISP Domain ············································································2-3
Configuring Dynamic VLAN Assignment·························································································2-6
Configuring the Attributes of a Local User·······················································································2-7
Cutting Down User Connections Forcibly························································································2-9
RADIUS Configuration Task List·············································································································2-9
Creating a RADIUS Scheme ·········································································································2-11
Configuring RADIUS Authentication/Authorization Servers ··························································2-11
Configuring RADIUS Accounting Servers ·····················································································2-12
Configuring Shared Keys for RADIUS Messages ·········································································2-13
Configuring the Maximum Number of RADIUS Request Transmission Attempts·························2-14
Configuring the Type of RADIUS Servers to be Supported ··························································2-14
Configuring the Status of RADIUS Servers···················································································2-15
Configuring the Attributes of Data to be Sent to RADIUS Servers ···············································2-16
Configuring the Local RADIUS Server ··························································································2-17
Configuring Timers for RADIUS Servers·······················································································2-18
Enabling Sending Trap Message when a RADIUS Server Goes Down ·······································2-19
Enabling the User Re-Authentication at Restart Function·····························································2-19
HWTACACS Configuration Task List····································································································2-21
Creating a HWTACACS Scheme ··································································································2-21
Configuring TACACS Authentication Servers ···············································································2-21
Configuring TACACS Authorization Servers ·················································································2-22
Configuring TACACS Accounting Servers ····················································································2-23
Configuring Shared Keys for HWTACACS Messages ··································································2-23
Configuring the Attributes of Data to be Sent to TACACS Servers ··············································2-24
Configuring the Timers Regarding TACACS Servers ···································································2-25
Displaying and Maintaining AAA Configuration ····················································································2-26
Displaying and Maintaining AAA Configuration·············································································2-26
Displaying and Maintaining RADIUS Protocol Configuration ························································2-26
Displaying and Maintaining HWTACACS Protocol Configuration ·················································2-26
AAA Configuration Examples················································································································2-27
Table of Contents
i