H3C Technologies H3C S7500E Series Switches User Manual
• Remote authentication (scheme): The access device cooperates with a RADIUS or HWTACACS
server to authenticate users. The device can use the standard RADIUS protocol or an extended
RADIUS protocol in collaboration with systems like iMC to implement user authentication.
Remote authentication features centralized information management, high capacity, high
reliability, and support for centralized authentication service for multiple access devices. You can
configure local authentication as the backup method to be used when the remote server is not
available.
You can configure AAA authentication to work alone without authorization and accounting. By default,
an ISP domain uses the local authentication method.
Before configuring authentication methods, complete these three tasks:
• For RADIUS or HWTACACS authentication, configure the RADIUS or HWTACACS scheme to
be referenced first. The local and none authentication methods do not require any scheme.
• Determine the access mode or service type to be configured. With AAA, you can configure an
authentication method specifically for each access mode and service type, limiting the
authentication protocols that can be used for access.
• Determine whether to configure an authentication method for all access modes or service types.
Follow these steps to configure AAA authentication methods for an ISP domain:
To do…                          Use the command…                              Remarks

Enter system view               system-view                                   —

Enter ISP domain view           domain isp-name                               —

Specify the default             authentication default { hwtacacs-scheme      Optional
authentication method for all   hwtacacs-scheme-name [ local ] | local |      local by default
types of users                  none | radius-scheme radius-scheme-name
                                [ local ] }

Specify the authentication      authentication lan-access { local | none |    Optional
method for LAN users            radius-scheme radius-scheme-name              The default authentication
                                [ local ] }                                   method is used by default.

Specify the authentication      authentication login { hwtacacs-scheme        Optional
method for login users          hwtacacs-scheme-name [ local ] | local |      The default authentication
                                none | radius-scheme radius-scheme-name       method is used by default.
                                [ local ] }

Specify the authentication      authentication portal { local | none |        Optional
method for portal users         radius-scheme radius-scheme-name              The default authentication
                                [ local ] }                                   method is used by default.

Specify the authentication      authentication super { hwtacacs-scheme        Optional
method for privilege level      hwtacacs-scheme-name | radius-scheme          The default authentication
switching                       radius-scheme-name }                          method is used by default.
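
Because an access type with no method of its own uses the domain default (local unless set), the method actually in force is easy to misread in a long configuration. The following Python script is an added example, not H3C code: it resolves the effective method for each access type from ISP domain view lines and reports types that end up with none, or with a remote scheme and no local backup. The domain name, scheme names and sample lines are constructed.

```python
import re

ACCESS_TYPES = ("lan-access", "login", "portal", "super")
REMOTE = ("radius-scheme", "hwtacacs-scheme")
# Constructed sample of ISP-domain view lines; names are placeholders.
SAMPLE = """\
domain example
 authentication default radius-scheme rs1 local
 authentication login hwtacacs-scheme tac1
 authentication portal none
"""

def parse_domain(config_text):
    """Map 'default' or an access type to its ordered method chain."""
    methods = {}
    pattern = r"\s*authentication\s+(default|lan-access|login|portal|super)\s+(.+)"
    for line in config_text.splitlines():
        m = re.match(pattern, line)
        if not m:
            continue
        tokens, chain, i = m.group(2).split(), [], 0
        while i < len(tokens):
            if tokens[i] in REMOTE and i + 1 < len(tokens):
                # Prefix scheme names so a scheme called "local" is not
                # mistaken for the local method.
                chain.append(tokens[i].split("-")[0] + ":" + tokens[i + 1])
                i += 2
            else:
                chain.append(tokens[i])
                i += 1
        methods[m.group(1)] = chain
    return methods

def effective_methods(methods):
    """Apply the manual's defaults: unset types inherit 'default' (local)."""
    default = methods.get("default", ["local"])
    return {t: methods.get(t, default) for t in ACCESS_TYPES}

def audit(config_text):
    findings = []
    for access, chain in effective_methods(parse_domain(config_text)).items():
        if "none" in chain:
            findings.append((access, "no authentication (none)"))
        elif access != "super" and "local" not in chain:
            # 'super' takes no [ local ] option in the syntax above.
            findings.append((access, "remote scheme without local backup"))
    return findings

if __name__ == "__main__":
    for access, issue in audit(SAMPLE):
        print(f"{access}: {issue}")
```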