Operation Manual – AAA-RADIUS-HWTACACS
H3C S3610&S5510 Series Ethernet Switches
Chapter 1 AAA/RADIUS/HWTACACS Configuration
In AAA, users are divided into lan-access users, login users, and command line users.
You can configure separate authentication/authorization/accounting policies for every
user type except command line users. For command line users, only an authorization
policy can be configured, and it is configured independently.
1.3.1 Configuration Prerequisites
For remote authentication, authorization, or accounting, you must create the RADIUS
or HWTACACS scheme first.
- RADIUS scheme: Reference a configured RADIUS scheme to implement
  authentication/authorization and accounting. For RADIUS scheme configuration,
  refer to Configuring RADIUS.
- HWTACACS scheme: Reference a configured HWTACACS scheme to implement
  authentication/authorization and accounting. For HWTACACS scheme
  configuration, refer to Configuring HWTACACS.
1.3.2 Creating an ISP Domain
For the NAS, each accessing user belongs to an ISP domain. Up to 16 ISP domains
can be configured on a NAS. If a user does not provide the ISP domain name, the
system considers that the user belongs to the default ISP domain.
Follow these steps to create an ISP domain:
To do…                                          Use the command…                              Remarks
----------------------------------------------  --------------------------------------------  --------
Enter system view                               system-view                                   —
Create an ISP domain and enter ISP domain view  domain isp-name                               Required
Return to system view                           quit                                          —
Specify the default ISP domain                  domain default { disable | enable isp-name }  Optional. By default, the default ISP domain is the system-default domain, named system.
Note:
- You cannot delete the default ISP domain unless you change it to a non-default ISP
  domain (with the domain default disable command) first.
- If a user enters a username without an ISP domain name, the device uses the
  authentication scheme for the default ISP domain to authenticate the user.
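The procedure and notes above as one CLI session. This is an added example, not part of the original manual; the device name Sysname and the domain name example-isp are assumed, and the lines starting with # are annotations, not commands.

```text
# Create the ISP domain and return to system view.
<Sysname> system-view
[Sysname] domain example-isp
[Sysname-isp-example-isp] quit

# Make example-isp the default ISP domain. From here on, any user who
# supplies a username without an ISP domain name is authenticated with
# the authentication scheme configured for example-isp.
[Sysname] domain default enable example-isp

# example-isp cannot be deleted while it is the default ISP domain.
# Change it to a non-default domain first.
[Sysname] domain default disable
```

Because users who omit the domain name fall through to the default ISP domain, review that domain's authentication scheme as carefully as the scheme of any explicitly named domain.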