Configuring Relevant Attributes Of An Isp Domain - H3C S9500 Series Operation Manual
Routing switches
Hide thumbs
Also See for S9500 Series:
- Command manual (1842 pages) ,
- Operation manual (1504 pages) ,
- Operating manual (76 pages)
Table of Contents
Advertisement
Operation Manual – Security
H3C S9500 Series Routing Switches
H3C Series Switches ISP domain view, you can configure a complete set of exclusive
ISP domain attributes on a per-ISP domain basis, which includes AAA policy (RADIUS
scheme applied etc.)
For H3C Series Switches, each supplicant belongs to an ISP domain. Up to 16 domains
can be configured in the system. If a user has not reported its ISP domain name, the
system will put it into the default domain.
Perform the following configuration in system view.
Table 2-2 Create/Delete an ISP domain
Create ISP domain or enter the view of a
specified domain
Remove a specified ISP domain
Enable the default ISP domain specified by
isp-name
Restore the default ISP domain to "system"
By default, a domain named "system" has been created in the system. The attributes of
"system" are all default values.
2.2.2 Configuring Relevant Attributes of an ISP Domain
The relevant attributes of ISP domain include the adopted RADIUS scheme, ISP
domain state, maximum number of supplicants, accounting optional enable/disable
state, address pool definition, IP address assignment for PPP domain users, and user
idle-cut enable/disable state where:
The adopted RADIUS scheme is the one used by all the users in the ISP domain.
The RADIUS scheme can be used for RADIUS authentication or accounting. By
default, the default RADIUS scheme is used. The command shall be used
together with the commands of setting RADIUS server and server cluster. For
details, refer to the following Configuring RADIUS section of this chapter. If Local
is configured as the first scheme, only the Local scheme will be adopted, neither
RADIUS nor HWTACACS scheme will be adopted. When Local scheme is
adopted, only authentication and authorization will be performed, accounting will
not be performed. None has the same effect as Local. The usernames used for
Local authentication carry no domain name, so if the Local scheme is configured,
pay attention not to add domain name to the username when you configure a
Local user.
Every ISP domain has two states: Active and Block. If an ISP domain is in Active
state, the users in it are allowed to request network services, while in Block state,
its users are inhibit from requesting any network service, which will not affect the
Operation
2-7
Chapter 2 AAA and RADIUS/HWTACACS
Protocol Configuration
Command
domain isp-name
undo domain isp-name
domain default enable isp-name
domain default disable
Advertisement
Chapters
Table of Contents
Troubleshooting
