H3C Technologies H3C S7500E Series Switches User Manual

Page 7

Text mode
Original mode

Table of Contents

1 AAA Overview ············································································································································1-1

Introduction to AAA ·································································································································1-1

Introduction to RADIUS···························································································································1-2

Client/Server Model ·························································································································1-2

Security and Authentication Mechanisms ·······················································································1-3

Basic Message Exchange Process of RADIUS ··············································································1-3

RADIUS Packet Format···················································································································1-4

Extended RADIUS Attributes ··········································································································1-8

Introduction to HWTACACS····················································································································1-9

Differences Between HWTACACS and RADIUS············································································1-9

Basic Message Exchange Process of HWTACACS ·······································································1-9

Domain-Based User Management········································································································1-11

Protocols and Standards·······················································································································1-12

RADIUS Attributes ································································································································1-12

Commonly Used Standard RADIUS Attributes ·············································································1-12

Proprietary RADIUS Sub-Attributes of H3C ··················································································1-14

2 AAA Configuration ····································································································································2-1

AAA Configuration Considerations and Task List···················································································2-1

Configuring AAA Schemes ·····················································································································2-2

Configuring Local Users ··················································································································2-2

Configuring RADIUS Schemes ·······································································································2-7

Configuring HWTACACS Schemes ······························································································2-19

Configuring AAA Methods for ISP Domains ·························································································2-25

Configuration Prerequisites ···········································································································2-26

Creating an ISP Domain················································································································2-26

Configuring ISP Domain Attributes································································································2-26

Configuring AAA Authentication Methods for an ISP Domain ······················································2-27

Configuring AAA Authorization Methods for an ISP Domain ························································2-29

Configuring AAA Accounting Methods for an ISP Domain····························································2-31

Tearing Down User Connections Forcibly ····························································································2-33

Configuring a NAS ID-VLAN Binding ····································································································2-34

Displaying and Maintaining AAA···········································································································2-34

3 AAA Configuration Examples ··················································································································3-1

AAA Configuration Examples··················································································································3-1

AAA for Telnet Users by an HWTACACS Server ···········································································3-1

AAA for Telnet Users by Separate Servers·····················································································3-2

Authentication/Authorization for SSH/Telnet Users by a RADIUS Server ······································3-4

AAA for Portal Users by a RADIUS Server ·····················································································3-7

AAA for 802.1X Users by a RADIUS Server ·················································································3-15

Level Switching Authentication for Telnet Users by an HWTACACS Server································3-22

Pages: 1 … 5 6 7 8 9 … 269

wrong Brand
wrong Model
non readable

This manual is related to the following products:

H3C S5800 Series Switches H3C S5120 Series Switches H3C WA2600 Series WLAN Access Points H3C WA2200 Series WLAN Access Points

See also other documents in the category H3C Technologies Routers:

H3C S12500X-AF Series Switches (3 pages)
H3C S12500X-AF Series Switches (3 pages)
H3C S12500X-AF Series Switches (53 pages)
H3C S12500 Series Switches (19 pages)
H3C MSV 50 (8 pages)
H3C S12500 Series Switches (21 pages)
H3C S9500E Series Switches (4 pages)
H3C S7500E Series Switches (3 pages)
H3C WA2200 Series WLAN Access Points (42 pages)
H3C S12500-X Series Switches (8 pages)
H3C SR6600 (64 pages)
H3C S9500E Series Switches (36 pages)
H3C WA3600 Series Access Points (237 pages)
H3C S9500E Series Switches (270 pages)
H3C MSR 900 (249 pages)
H3C S12500 Series Switches (163 pages)
H3C S12500 Series Switches (170 pages)
H3C MSR 900 (96 pages)
H3C MSR 900 (443 pages)
H3C MSR 900 (468 pages)
H3C S9500E Series Switches (32 pages)
H3C S9500E Series Switches (241 pages)
H3C S12500 Series Switches (39 pages)
H3C S6800 Series Switches (59 pages)
H3C LSBM1WCM2A0 Access Controller Module (197 pages)
H3C S10500 Series Switches (27 pages)
H3C LSBM1WCM2A0 Access Controller Module (226 pages)
H3C S6300 Series Switches (188 pages)
H3C MSR 900 (410 pages)
H3C MSR 900 (239 pages)
H3C WA3600 Series Access Points (394 pages)
H3C S10500 Series Switches (2 pages)
H3C S10500 Series Switches (2 pages)
H3C S10500 Series Switches (2 pages)
H3C S10500 Series Switches (2 pages)
H3C S10500 Series Switches (2 pages)
H3C S10500 Series Switches (2 pages)
H3C S10500 Series Switches (2 pages)
H3C S10500 Series Switches (1 page)
H3C S7500E Series Switches (19 pages)
H3C S7500E Series Switches (115 pages)
H3C S6300 Series Switches (58 pages)
H3C S6300 Series Switches (208 pages)
H3C S6300 Series Switches (251 pages)
H3C S10500 Series Switches (140 pages)