Configuring aaa authentication methods for an isp, Domain – H3C Technologies H3C S7500E Series Switches User Manual
Page 56
2-27
To do…
Use the command…
Remarks
Place the ISP domain to the state of
active or blocked
state { active | block }
Optional
By default, an ISP domain is in active
state, and users in the domain can
request network services.
Specify the maximum number of
active users in the ISP domain
access-limit enable
max-user-number
Optional
No limit by default
Configure the idle cut function
idle-cut enable minute [ flow ]
Optional
Disabled by default
Currently, this command is effective
for only LAN users, and portal users.
Configure the self-service server
location function
self-service-url enable
url-string
Optional
Disabled by default
Specify the default authorization
user profile
authorization-attribute
user-profile profile-name
Optional
By default, an ISP domain has no
default authorization user profile.
A self-service RADIUS server, for example, Intelligent Management Center (iMC), is required for the
self-service server location function to work. With the self-service function, a user can manage and
control his or her accounting information or card number. A server with self-service software is a
self-service server.
Configuring AAA Authentication Methods for an ISP Domain
In AAA, authentication, authorization, and accounting are separate processes. Authentication refers to
the interactive authentication process of username/password/user information during access or
service request. The authentication process neither sends authorization information to a supplicant
nor triggers any accounting.
AAA supports the following authentication methods:
z
No authentication (none): All users are trusted and no authentication is performed. Generally, this
method is not recommended.
z
Local authentication (local): Authentication is performed by the NAS, which is configured with the
user information, including the usernames, passwords, and attributes. Local authentication
features high speed and low cost, but the amount of information that can be stored is limited by
the hardware.