beautypg.com

Configuration prerequisites, Creating an isp domain, Setting the isp domain status – H3C Technologies H3C S6300 Series Switches User Manual

Page 57

background image

42

Configuration prerequisites

To use local authentication for users in an ISP domain, configure local user accounts on the device first.

See "

Configuring local user attributes

."

To use remote authentication, authorization, and accounting, create the required RADIUS, HWTACACS,
or LDAP schemes. For more information about the scheme configuration, see "

Configuring RADIUS

schemes

," "

Configuring HWTACACS schemes

," and "

Configuring LDAP schemes

."

Creating an ISP domain

In a networking scenario with multiple ISPs, the device can connect to users of different ISPs. These users

can have different user attributes, such as different username and password structures, different service

types, and different rights. To manage users of different ISPs, configure ISP domains, and configure AAA

methods and domain attributes for each ISP domain as needed.
The device supports a maximum of 16 ISP domains, including the system-defined ISP domain system. You

can specify one of the ISP domains as the default domain. You can modify the settings of the ISP domain

system, but you cannot delete the domain.
On the device, each user belongs to an ISP domain. If a user provides no ISP domain name at login, the
device considers the user belongs to the default ISP domain.
An ISP domain cannot be deleted when it is used as the default ISP domain. Before you use the undo

domain command, change the domain to a non-default ISP domain by using the undo domain default

enable command.
To create an ISP domain:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create an ISP domain and

enter ISP domain view.

domain isp-name N/A

3.

Return to system view.

quit

N/A

4.

(Optional.) Specify the default
ISP domain.

domain default enable
isp-name

By default, the default ISP domain is the
system-defined ISP domain system.

Setting the ISP domain status

By placing the ISP domain in active or blocked state, you allow or deny network service requests from

users in the domain.
To set the ISP domain status:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter ISP domain view.

domain isp-name

N/A

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: