Table Of Contents - H3C SR8800-F Configuration Manual

Contents
Configuring AAA ·············································································· 1
About AAA ······························································································································· 1
AAA implementation ············································································································ 1
AAA network diagram ··········································································································· 1
RADIUS ···························································································································· 2
HWTACACS ······················································································································ 5
LDAP ································································································································ 8
User management based on ISP domains and user access types ··············································· 11
Authentication, authorization, and accounting methods ······························································ 11
AAA for MPLS L3VPNs ······································································································ 13
Protocols and standards ····································································································· 13
AAA tasks at a glance ··············································································································· 14
Configuring local users ·············································································································· 15
About local users ··············································································································· 15
Local user configuration tasks at a glance··············································································· 16
Configuring attributes for device management users ································································· 16
Configuring attributes for network access users ······································································· 17
Configuring local guest attributes ·························································································· 18
Configuring user group attributes ·························································································· 19
Managing local guests ········································································································ 21
Display and maintenance commands for local users and local user groups ···································· 22
Configuring RADIUS ················································································································· 23
RADIUS tasks at a glance ··································································································· 23
Configuring a test profile for RADIUS server status detection ······················································ 23
Creating a RADIUS scheme ································································································ 24
Specifying the RADIUS authentication servers ········································································· 24
Specifying the RADIUS accounting servers ············································································· 25
Specifying the shared keys for secure RADIUS communication ··················································· 26
Specifying an MPLS L3VPN instance for the scheme ································································ 26
Setting the username format and traffic statistics units ······························································ 27
Setting the maximum number of RADIUS request transmission attempts ······································ 27
Setting the maximum number of real-time accounting attempts ··················································· 28
Configuring RADIUS stop-accounting packet buffering ······························································ 28
Setting the maximum number of pending RADIUS requests ······················································· 29
Setting the status of RADIUS servers ···················································································· 29
Enabling the RADIUS server load sharing feature ···································································· 31
Specifying the source IP address for outgoing RADIUS packets ·················································· 32
Setting RADIUS timers ······································································································· 33
Configuring the RADIUS accounting-on feature ······································································· 34
Interpreting the RADIUS class attribute as CAR parameters ······················································· 34
Configuring the Login-Service attribute check method for SSH, FTP, and terminal users ·················· 35
Configuring the MAC address format for RADIUS attribute 31 ····················································· 35
Configuring the format for RADIUS attribute 87 ········································································ 36
Setting the data measurement unit for the Remanent_Volume attribute········································· 36
Specifying a server version for interoperating with servers with a vendor ID of 2011 ························ 37
Configuring the RADIUS attribute translation feature ································································· 37
Configuring the RADIUS session-control feature ······································································ 39
Configuring the RADIUS DAS feature ···················································································· 39
Changing the DSCP priority for RADIUS packets ····································································· 40
Configuring the device to preferentially process RADIUS authentication requests ··························· 40
Enabling SNMP notifications for RADIUS ··············································································· 41
Display and maintenance commands for RADIUS ···································································· 41
Configuring HWTACACS ··········································································································· 42
HWTACACS tasks at a glance ····························································································· 42
Creating an HWTACACS scheme ························································································· 42
Specifying the HWTACACS authentication servers ··································································· 42
Specifying the HWTACACS authorization servers ···································································· 43
i