Creating An Isp Domain - H3C S3610-28P Operation Manual

Operation Manual – AAA-RADIUS-HWTACACS
H3C S3610&S5510 Series Ethernet Switches
In AAA, users are divided into lan-access users, login users, and command line users.
Except
authentication/authorization/accounting policies for all the other type of users.
Command line users can be configured with authorization policy independently.
1.3.1 Configuration Prerequisites
For remote authentication, authorization, or accounting, you must create the RADIUS
or HWTACACS scheme first.
RADIUS scheme: Reference a configured RADIUS scheme to implement
authentication/authorization and accounting. For RADIUS scheme configuration,
refer to
HWTACACS scheme: Reference a configured HWTACACS scheme to implement
authentication/authorization
configuration, refer to

1.3.2 Creating an ISP Domain

For the NAS, each accessing user belongs to an ISP domain. Up to 16 ISP domains
can be configured on a NAS. If a user does not provide the ISP domain name, the
system considers that the user belongs to the default ISP domain.
Follow these steps to create an ISP domain:
Enter system view
Create an ISP domain
and enter ISP domain
view
Return to system view
Specify the default ISP
domain
Note:
You cannot delete the default ISP domain unless you change it to a non-default ISP
domain (with the domain default disable command) first.
If a user enters a username without an ISP domain name, the device uses the
authentication scheme for the default ISP domain to authenticate the user.
for command line
Configuring RADIUS.
Configuring
To do...
system-view
domain isp-name
quit
domain default { disable
| enable isp-name }
Chapter 1 AAA/RADIUS/HWTACACS
users, you
and accounting.
HWTACACS.
Use the command...
1-13
Configuration
can configure separate
For HWTACACS
Remarks
—
Required
—
Optional
The system-default ISP
domain named system by
default
scheme