Domain-based user management – H3C Technologies H3C S7500E Series Switches User Manual

10) After receiving the login password, the HWTACACS client sends to the HWTACACS server a continue-authentication packet carrying the login password.

11) The HWTACACS server sends back an authentication response indicating that the user has passed authentication.

12) The HWTACACS client sends the user authorization request packet to the HWTACACS server.

13) The HWTACACS server sends back the authorization response, indicating that the user is authorized now.

14) Knowing that the user is now authorized, the HWTACACS client pushes its configuration interface to the user.

15) The HWTACACS client sends a start-accounting request to the HWTACACS server.

16) The HWTACACS server sends back an accounting response, indicating that it has received the start-accounting request.

17) The user logs off.

18) The HWTACACS client sends a stop-accounting request to the HWTACACS server.

19) The HWTACACS server sends back a stop-accounting response, indicating that the stop-accounting request has been received.
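The following added example, which is not from the H3C manual, audits a constructed event log against the message order of steps 10 to 19 and flags sessions that skip a step or never close their accounting. The message labels, session IDs and log format are hypothetical.

```python
# Added example. Message labels are hypothetical names for the packets in steps 10-19.
ORDER = [
    "authen_continue",     # step 10: client sends the login password
    "authen_pass",         # step 11: server reports authentication passed
    "author_request",      # step 12
    "author_pass",         # step 13
    "acct_start_request",  # step 15
    "acct_start_reply",    # step 16
    "acct_stop_request",   # step 18 (after the user logs off in step 17)
    "acct_stop_reply",     # step 19
]

def audit_sessions(events):
    """Return {session_id: [findings]} for sessions that deviate from ORDER."""
    progress = {}  # session_id -> index in ORDER of the next expected message
    findings = {}
    for sid, msg in events:
        expected = progress.setdefault(sid, 0)
        if msg not in ORDER:
            findings.setdefault(sid, []).append(f"unknown message {msg}")
            continue
        idx = ORDER.index(msg)
        if idx != expected:
            want = ORDER[expected] if expected < len(ORDER) else "nothing further"
            findings.setdefault(sid, []).append(f"got {msg} but expected {want}")
        progress[sid] = max(expected, idx + 1)
    for sid, nxt in progress.items():
        if nxt < len(ORDER):
            # Either the user is still logged in or a record is missing.
            findings.setdefault(sid, []).append(f"incomplete: stopped before {ORDER[nxt]}")
    return findings

# Constructed sample log: (session_id, message) in arrival order.
SAMPLE = (
    [("s1", m) for m in ORDER]                              # complete exchange
    + [("s2", m) for m in ORDER[:6] if m != "authen_pass"]  # authorization with no authentication pass
    + [("s3", m) for m in ORDER[:6]]                        # accounting started, never stopped
)

if __name__ == "__main__":
    for sid, notes in sorted(audit_sessions(SAMPLE).items()):
        print(sid, notes)
```
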

Domain-Based User Management

An Internet service provider (ISP) domain accommodates a collection of users. NAS devices manage users based on ISP domains. Each user belongs to an ISP domain. The ISP domain of a user is determined by the username used for login, as shown in Figure 1-7.

Figure 1-7 Determine the ISP domain of a user by the username

The authentication, authorization, and accounting of a user depend on the AAA methods configured for the domain that the user belongs to. If no specific AAA methods are configured for the domain, the default ones are used. By default, a domain uses local authentication, local authorization, and local accounting.

The AAA feature allows you to manage users based on their access types:

• LAN users: Users on a LAN who must pass 802.1X authentication or MAC address authentication to access the network.

• Login users: Users who want to log in to the device, including SSH users, Telnet users, FTP users, and terminal service users.