Table of Contents
Advertisement
Configuring AAA methods for ISP domains
Creating an ISP domain
About ISP domains
In a networking scenario with multiple ISPs, the device can connect to users of different ISPs. These
users can have different user attributes, such as different username and password structures,
different service types, and different rights. To manage users of different ISPs, configure
authentication, authorization, and accounting methods and domain attributes for each ISP domain
as needed.
The device supports a maximum of 16 ISP domains, including the system-defined ISP domain
system. You can specify one of the ISP domains as the default domain.
On the device, each user belongs to an ISP domain. If a user does not provide an ISP domain name
at login, the device considers the user belongs to the default ISP domain.
Each ISP domain has a set of system-defined AAA methods, which are local authentication, local
authorization, and local accounting. If you do not configure any AAA methods for an ISP domain, the
device uses the system-defined AAA methods for users in the domain.
The device chooses an authentication domain for each user in the following order:
1.
The authentication domain specified for the access module. (Support for the authentication
domain configuration depends on the access module.)
2.
The ISP domain in the username.
3.
The default ISP domain of the device.
If the chosen domain does not exist on the device, the device searches for the ISP domain that
accommodates users assigned to nonexistent domains. If no such ISP domain is configured, user
authentication fails.
Restrictions and guidelines
When you configure an ISP domain, follow these restrictions and guidelines:
•
An ISP domain cannot be deleted when it is the default ISP domain. Before you use the undo
domain command, change the domain to a non-default ISP domain by using the undo domain
default enable command.
•
You can modify the settings of the system-defined ISP domain system, but you cannot delete
the domain.
Procedure
To create an ISP domain:
Step
1.
Enter system view.
2.
Create an ISP domain and
enter ISP domain view.
3.
Return to system view.
4.
(Optional.) Specify the
default ISP domain.
5.
(Optional.) Specify the ISP
domain to accommodate
users that are assigned to
nonexistent domains.
Command
system-view
domain isp-name
quit
domain default enable
isp-name
domain if-unknown
isp-domain-name
54
Remarks
N/A
By default, a system-defined ISP
domain exists. The domain name is
system.
N/A
By default, the default ISP domain is the
system-defined ISP domain system.
By default, no ISP domain is specified to
accommodate users that are assigned
to nonexistent domains.
Advertisement
Table of Contents
Troubleshooting
