Authorization; Accounting; Introduction To Isp Domain - H3C S3100-52P Operation Manual
Hide thumbs
Also See for S3100-52P:
- Operation manual (62 pages) ,
- Command manual (55 pages) ,
- Installation manual (54 pages)
Table of Contents
Advertisement
Operation Manual – AAA
H3C S3100-52P Ethernet switch
Remote authentication: Users are authenticated remotely through RADIUS or
HWTACACS protocol. This device (for example, a H3C series switch) acts as the
client to communicate with the RADIUS or TACACS server. You can use standard
or extended RADIUS protocols in conjunction with such systems as
iTELLIN/CAMS for user authentication. Remote authentication allows convenient
centralized management and is feature-rich. However, to implement remote
authentication, a server is needed and must be configured properly.
1.1.2 Authorization
AAA supports the following authorization methods:
Direct authorization: Users are trusted and directly authorized.
Local authorization: Users are authorized according to the related attributes
configured for their local accounts on this device.
RADIUS authorization: Users are authorized after they pass RADIUS
authentication. In RADIUS protocol, authentication and authorization are
combined together, and authorization cannot be performed alone without
authentication.
HWTACACS authorization: Users are authorized by a TACACS server.
1.1.3 Accounting
AAA supports the following accounting methods:
None accounting: No accounting is performed for users.
Remote accounting: User accounting is performed on a remote RADIUS or
TACACS server.
1.1.4 Introduction to ISP Domain
An Internet service provider (ISP) domain is a group of users who belong to the same
ISP. For a username in the format of userid@isp-name or userid.isp-name, the
isp-name following the "@" or "." character is the ISP domain name. The access device
uses userid as the username for authentication, and isp-name as the domain name.
In a multi-ISP environment, the users connected to the same access device may
belong to different domains. Since the users of different ISPs may have different
attributes (such as different forms of username and password, different service
types/access rights), it is necessary to distinguish the users by setting ISP domains.
You can configure a set of ISP domain attributes (including AAA policy, RADIUS
scheme, and so on) for each ISP domain independently in ISP domain view.
1-2
Chapter 1 AAA Overview
Advertisement
Chapters
Table of Contents
Troubleshooting
