Configuring Aaa - 3Com Switch 4800G 24-Port Configuration Manual
Switch 4800g family 24-port, pwr 24-port, 48-port, pwr 48-port, 24-port sfp
Hide thumbs
Also See for Switch 4800G 24-Port:
- Product manual (13 pages) ,
- Datasheet (8 pages) ,
- Configuration manual (27 pages)
Table of Contents
Advertisement
758
C
53: AAA/RADIUS/HWTACACS C
HAPTER
Configuring AAA
Configuration
Prerequisites
Creating an ISP Domain
Configuring ISP Domain
Attributes
ONFIGURATION
By configuring AAA, you can provide network access service for legal users,
protect the networking devices, and avoid unauthorized access and bilking. In
addition, you can configure ISP domains to perform AAA on accessing users.
In AAA, users are divided into lan-access users (such as 802.1x users and MAC
authentication users), login users (such as SSH, Telnet, FTP, and terminal access
users), and command line users (that is, command line authentication users).
Except for command line users, you can configure separate
authentication/authorization/accounting policies for all the other type of users.
Command line users can be configured with authorization policy independently.
For remote authentication, authorization, or accounting, you must create the
RADIUS or HWTACACS scheme first.
RADIUS scheme: Reference a configured RADIUS scheme to implement
■
authentication/authorization and accounting. For RADIUS scheme
configuration, refer to "Configuring RADIUS" on page 765.
HWTACACS scheme: Reference a configured HWTACACS scheme to
■
implement authentication/authorization and accounting. For HWTACACS
scheme configuration, refer to "Configuring HWTACACS" on page 771.
For the NAS, each accessing user belongs to an ISP domain. Up to 16 ISP domains
can be configured on a NAS. If a user does not provide the ISP domain name, the
system considers that the user belongs to the default ISP domain.
Follow these steps to create an ISP domain:
To do...
Enter system view
Create an ISP domain and
enter ISP domain view
Return to system view
Specify the default ISP domain domain default { disable |
n
You cannot delete the default ISP domain unless you change it to a non-default
■
ISP domain (with the domain default disable command) first.
If a user enters a username without an ISP domain name, the device uses the
■
authentication scheme for the default ISP domain to authenticate the user.
Follow these steps to configure ISP domain attributes:
To do...
Enter system view
Create an ISP domain and
enter ISP domain view
Use the command...
system-view
domain isp-name
quit
enable isp-name }
Use the command...
system-view
domain isp-name
Remarks
-
Required
-
Optional
The system-default ISP
domain named system by
default
Remarks
-
Required
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
