Creating An Isp Domain; Configuring Isp Domain Attributes - H3C S5500-EI Series Security Configuration Manual
Hide thumbs
Also See for S5500-EI Series:
- Operation manual (1529 pages) ,
- Configuration manual (490 pages) ,
- Quick start manual (91 pages)
Table of Contents
Advertisement
Creating an ISP domain
In a networking scenario with multiple ISPs, the switch may connect users of different ISPs, and users of
different ISPs may have different user attributes, such as different username and password structures,
different service types, and different rights. To distinguish the users of different ISPs, configure ISP
domains, and configure different AAA methods and domain attributes for the ISP domains.
The switch can accommodate up to 16 ISP domains, including the system-defined ISP domain system.
You can specify one of the ISP domains as the default domain.
On the switch, each user belongs to an ISP domain. If a user provides no ISP domain name at login, the
switch considers the user belongs to the default ISP domain.
To create an ISP domain:
Step
1.
Enter system view.
2.
Create an ISP domain and
enter ISP domain view.
3.
Return to system view.
4.
Specify the default ISP
domain.
NOTE:
To delete the ISP domain that is functioning as the default ISP domain, you must change it to a non-default
ISP domain by using the undo domain default enable command.
Configuring ISP domain attributes
In an ISP domain, you can configure the following attributes:
Domain status—By placing the ISP domain to the active or blocked state, you allow or deny
•
network service requests from users in the domain.
Maximum number of online users—The switch controls the number of online users in a domain to
•
ensure the system performance and service reliability.
•
Idle cut—This function enables the switch to check the traffic of each online user in the domain at the
idle timeout interval, and to log out any user in the domain whose traffic during the idle timeout
period is less than the specified minimum traffic.
Self-service server location—By using the information defined in this attribute, users can access the
•
self-service server to manage their own accounts and passwords. A self-service RADIUS server, such
as CAMS or IMC, is required for the self-service server location function to work.
•
Default authorization user profile—If a user passes authentication but is authorized with no user
profile, the switch authorizes the default user profile of the ISP domain to the user and restricts the
user's behavior based on the profile. For more information about user profiles, see
user
profile."
DSCP value—The switch sets the specified DSCP value in IP packets from authenticated users in the
•
ISP domain, which is identified in the login username userid@domain-name. Policy-based routing
routes IP packets to different destinations based on the DSCP value. This attribute applies only to ISP
Command
system-view
domain isp-name
quit
domain default enable
isp-name
41
Remarks
N/A
N/A
N/A
Optional.
By default, the default ISP domain is the
system-defined ISP domain system.
"Configuring a
Advertisement
Table of Contents
Troubleshooting
