Introduction To Domain; Introduction To Local User Management; Aaa Configuration - H3C SecPath F1800-A Operation Manual

Operation Manual - Security Defence
H3C SecPath F1800-A Firewall
As a result, the authentication is performed over RADIUS while the authorization is
performed over HWTACACS.

5.1.4 Introduction to Domain

The BAS manages users in the following two modes:
Management through domains
Management through user accounts
Note that all users belong to some domain.
Within a domain, you can configure:
Default authorizations
RADIUS/HWTACACS templates
Authentication and accounting schemes
The authorization precedence configured within a domain is lower than that
configured on an AAA server, that is, the authorization attribute of the AAA server is
used first. The domain authorization attribute is valid only when the AAA server is not
of this authorization or does not support this authorization. In this way, the attribute
limitation from the AAA server has gone and the service addition becomes flexible by
managing through a domain accordingly.
In the event that a domain and a user within the domain are configured with some
attribute simultaneously, the precedence of the user-based configuration is higher
than that of the domain-based configuration.

5.1.5 Introduction to Local User Management

The AAA sets up a local user database on the local router to maintain the user
information and to manage users, including local user accounts and local
authentication.
So far, the SecPath F1800-A can configure a single local user or a batch of local users
of a VLAN.

5.2 AAA Configuration

The AAA configuration includes:
Entering AAA view
Configuring an authentication scheme
Configuring an authorization scheme
Configuring a recording scheme
Setting parameters for a CAR level
6-91
Chapter 5 AAA