To do...
Clear buffered stop-accounting
requests that receive no responses (on
a centralized router)
Clear buffered stop-accounting
requests that receive no responses (on
a distributed router)
Configuring AAA methods for ISP domains
You configure AAA methods for an ISP domain by referencing configured AAA schemes in ISP domain
view. Each ISP domain has a set of default AAA methods, which are local authentication, local
authorization, and local accounting by default and can be customized. If you do not configure any AAA
methods for an ISP domain, the router uses the system default AAA methods for authentication,
authorization, and accounting of users in the domain.
Configuration prerequisites
To use local authentication for users in an ISP domain, configure local user accounts (see
local user
attributes") on the router.
To use remote authentication, authorization, and accounting, create the required RADIUS and
HWTACACS schemes as described in
schemes."
Creating an ISP domain
In a networking scenario with multiple ISPs, a router may connect users of different ISPs. Users of
different ISPs may have different user attributes, such as different username and password structures,
different service types, and different rights. To distinguish the users of different ISPs, configure ISP
domains, and configure different AAA methods and domain attributes for the ISP domains.
On a NAS, each user belongs to an ISP domain. A NAS can accommodate up to 16 ISP domains,
including the system-predefined ISP domain system. Specify one of the ISP domains as the system default
domain. If a user provides no ISP domain name at login, the router considers that the user belongs to the
system default ISP domain.
To create an ISP domain:
To do...
1.
Enter system view.
2.
Create an ISP domain and
enter ISP domain view.
3.
Return to system view.
4.
Specify the default ISP
domain.
Command...
reset stop-accounting-buffer hwtacacs-
scheme hwtacacs-scheme-name
reset stop-accounting-buffer hwtacacs-
scheme hwtacacs-scheme-name [ slot
slot-number ]
"Configuring RADIUS
Command...
system-view
domain isp-name
quit
domain default enable isp-
name
40
Remarks
Available in user view
Available in user view
schemes" and
"Configuring HWTACACS
Remarks
—
Required.
—
Optional.
By default, the default ISP domain is the
system predefined ISP domain system.
"Configuring