3Com 4200G 12-Port Configuration Manual page 189

Configuring an AAA
Scheme for an ISP
Domain
CAUTION:
On an S4200G series switch, each access user belongs to an ISP domain. You can
■
configure up to 16 ISP domains on the switch. When a user logs in, if no ISP
domain name is carried in the user name, the switch assumes that the user
belongs to the default ISP domain.
When charging a user, if the system does not find any available accounting server
■
or fails to communicate with any accounting server, it will not disconnect the user
as long as the accounting optional command has been executed.
The self-service server location function must cooperate with a
■
self-service-supported RADIUS server (such as CAMS). Through self-service, users
can manage and control their accounts or card numbers by themselves. A server
installed with the self-service software is called a self-service server.
3Com's CAMS Server is a service management system used to manage networks and
secure networks and user information. Cooperating with other network devices (such
as switches) in a network, the CAMS Server implements the AAA (authentication,
authorization and accounting) services and rights management
You can configure an AAA scheme in one of the following two ways:
Configuring a bound AAA scheme
You can use the scheme command to specify an AAA scheme. If you specify a
RADIUS scheme, the authentication, authorization and accounting will be uniformly
implemented by the RADIUS server specified in the RADIUS scheme. In this way, you
can specify only one scheme to implement all the three AAA functions and do not
need to specify different schemes for authentication, authorization and accounting
respectively
Table 137 Configure a bound AAA scheme
Operation Command
Enter system view system-view
Create an ISP domain domain isp-name
or enter the view of an
existing ISP domain
Configure an AAA scheme { local | none |
scheme for the ISP radius-scheme
domain radius-scheme-name [
local ] }
Configure an RADIUS radius-scheme
scheme for the ISP radius-scheme-name
domain
CAUTION: You can execute the scheme command with the radius-scheme-name
argument to adopt an already configured RADIUS scheme to implement all the three
AAA functions. If you adopt the local scheme, only the authentication and
authorization functions are implemented, the accounting function cannot be
implemented.
If you execute the scheme radius-scheme radius-scheme-name local command,
■
the local scheme becomes the secondary scheme in case the RADIUS server does
not response normally. That is, if the communication between the switch and the
RADIUS server is normal, no local authentication is performed; otherwise, local
authentication is performed.
AAA Configuration 175
Description
-
Required
Required
By default, the ISP domain uses the local
AAA scheme.
Optional
This command has the same effect as the
scheme radius-scheme command.