n
Configuring an AAA
Authentication Scheme
for an ISP Domain
To do...
Place the ISP domain to the
state of active or blocked
Specify the maximum number
of users in the ISP domain
Configure the idle cut
function
Enable the self-service server
localization function and
specify the URL of the
self-service server for
changing user password
A self-service RADIUS server, for example, CAMS, is required for the self-service
server localization function. With the self-service function, a user can manage and
control his or her accounting information or module number. A server with
self-service software is a self-service server.
In AAA, authentication, authorization, and accounting are three separate
processes. Authentication refers to the interactive authentication process of
username/password/user information during access or service request. The
authentication process neither sends authorization information to a supplicant nor
triggers any accounting. You can configure AAA to use only authentication. If you
do not perform any authentication configuration, the system-default ISP domain
uses the local authentication scheme.
Before configuring an authentication scheme, complete these three tasks:
For RADIUS or HWTACACS authentication, configure the RADIUS or
■
HWTACACS scheme to be referenced first. The local and none authentication
modes do not require any scheme.
Determine the access mode or service type to be configured. With AAA, you
■
can configure an authentication scheme specifically for each access mode and
service type, limiting the authentication protocols that can be used for access.
Determine whether to configure an authentication scheme for all access modes
■
or service types.
Follow these steps to configure an AAA authentication scheme for an ISP domain:
To do...
Enter system view
Create an ISP domain and
enter ISP domain view
Use the command...
state { active | block }
access-limit { disable |
enable max-user-number }
idle-cut { disable | enable
minute }
self-service-url { disable |
enable url-string }
Use the command...
system-view
domain isp-name
Configuring AAA
759
Remarks
Optional
When created, an ISP is in the
state of active by default, and
users in the domain can
request network services.
Optional
No limit by default
Optional
Disabled by default
Optional
Disabled by default
Remarks
-
Required