3Com 4200G 12-Port Configuration Manual page 190
4200g series switch
Hide thumbs
Also See for 4200G 12-Port:
- Configuration manual (730 pages) ,
- Getting started manual (104 pages) ,
- Quick reference manual (43 pages)
Table of Contents
Advertisement
176
C
23: AAA&RADIUS C
HAPTER
ONFIGURATION
If you execute the scheme local command, the local scheme is adopted as the
■
primary scheme. In this case, only local authentication is performed, no RADIUS
authentication is performed.
If you execute the scheme none command, no authentication is performed.
■
Configuring separate AAA schemes
You can use the authentication, authorization, and accounting commands to
specify a scheme for each of the three AAA functions (authentication, authorization
and accounting) respectively. The following gives the implementations of this separate
way for the services supported by AAA.
For terminal users
■
Authentication: RADIUS, local, RADIUS-local or none.
Authorization: none.
Accounting: RADIUS or none.
You can configure combined authentication, authorization and accounting schemes
by using the above implementations.
For FTP users
■
Only authentication is supported for FTP users.
■
Authentication: RADIUS, local, or RADIUS-local.
■
Perform the following configuration in ISP domain view.
Table 138 Configure separate AAA schemes
Operation
Enter system view
Create an ISP domain or enter
the view of an existing ISP
domain
Configure an authentication
scheme for the ISP domain
Allow users in current ISP
domain to access the network
services without being
authorized
Configure an accounting
scheme for the ISP domain
If a bound AAA scheme is configured as well as the separate authentication,
■
authorization and accounting schemes, the separate ones will be adopted in
precedence.
RADIUS scheme and local scheme do not support the separation of authentication
■
and authorization. Therefore, pay attention when you make authentication and
authorization configuration for a domain: if the scheme radius-scheme or
scheme local command is executed, the authorization none command is
executed, while the authentication command is not executed, the authorization
information returned from the RADIUS or local scheme still takes effect.
Command
system-view
domain isp-name
authentication { radius-scheme
radius-scheme-name [ local ] | local |
none }
authorization none
accounting { none | radius-scheme
radius-scheme-name }
Description
—
Required
Optional
By default, no separate
authentication scheme
is configured.
Optional
By default, no separate
authorization scheme is
configured.
Optional
By default, no separate
accounting scheme is
configured.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
