Configuring Aaa Authentication Methods For An Isp Domain - H3C S5500-EI Series Security Configuration Manual
Hide thumbs
Also See for S5500-EI Series:
- Operation manual (1529 pages) ,
- Configuration manual (490 pages) ,
- Quick start manual (91 pages)
Table of Contents
Advertisement
domains that use the same scheme for Layer 3 portal authentication. For more information about
policy-based routing, see Layer 3—IP Routing Configuration Guide. For more information about
Layer 3 portal authentication, see
To configure ISP domain attributes:
Step
1.
Enter system view.
2.
Enter ISP domain view.
3.
Place the ISP domain to the
state of active or blocked.
4.
Specify the maximum number
of online users in the ISP
domain.
5.
Configure the idle cut function.
6.
Enable the self-service server
location function and specify
the URL of the self-service
server.
7.
Specify the default
authorization user profile.
8.
Set a DSCP value for the ISP
domain.
Configuring AAA authentication methods for an ISP domain
In AAA, authentication, authorization, and accounting are separate processes. Authentication refers to
the interactive authentication process of username/password/user information during an access or
service request. The authentication process does not send authorization information to a supplicant or
trigger accounting.
AAA supports the following authentication methods:
No authentication (none)—All users are trusted and no authentication is performed. Generally, do
•
not use this method.
•
Local authentication (local)—Authentication is performed by the NAS, which is configured with the
user information, including the usernames, passwords, and attributes. Local authentication allows
high speed and low cost, but the amount of information that can be stored is limited by the size of
the storage space.
Remote authentication (scheme)—The NAS cooperates with a RADIUS, or HWTACACS server to
•
authenticate users. Remote authentication provides centralized information management, high
"Configuring portal
Command
system-view
domain isp-name
state { active | block }
access-limit enable
max-user-number
idle-cut enable minute [ flow ]
self-service-url enable url-string
authorization-attribute
user-profile profile-name
dscp dscp-value
42
authentication."
Remarks
N/A
N/A
Optional.
By default, an ISP domain is in active
state, and users in the domain can
request network services.
Optional.
No limit by default.
Optional.
Disabled by default.
This command is effective for only
LAN users and portal users.
Optional.
Disabled by default.
Optional.
By default, an ISP domain has no
default authorization user profile.
Optional.
By default, no DSCP value is specified
for an ISP domain.
Available only on the S5500-EI series
Advertisement
Table of Contents
Troubleshooting
