beautypg.com

Configuration prerequisites, Configuration guidelines, Configuration procedure – H3C Technologies H3C S6300 Series Switches User Manual

Page 58

background image

43

Step Command

Remarks

3.

Place the ISP domain in active
or blocked state.

state { active | block }

By default, an ISP domain is in
active state, and users in the
domain can request network

services.

Configuring authentication methods for an ISP domain

Configuration prerequisites

Before configuring authentication methods, complete the following tasks:

1.

Determine the access type or service type to be configured. With AAA, you can configure an
authentication method for each access type and service type.

2.

Determine whether to configure the default authentication method for all access types or service
types. The default authentication method applies to all access users. However, the method has a

lower priority than the authentication method that is specified for an access type or service type.

Configuration guidelines

When configuring authentication methods, follow these guidelines:

If a RADIUS scheme is used for authentication but not for authorization, AAA accepts only the
authentication result from the RADIUS server. The Access-Accept message from the RADIUS server

also includes the authorization information, but the device ignores the information.

To specify a scheme for user role authentication, make sure the user role is in the format of level-n.
If an HWTACACS scheme is specified, the device uses the entered username for role authentication.

If a RADIUS scheme is specified, the device uses the username $enabn$ on the RADIUS server for
role authentication. The variable n has the same value as the variable n in the target user role

level-n.

Configuration procedure

To configure authentication methods for an ISP domain:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter ISP domain view.

domain isp-name

N/A

3.

Specify the default
authentication method for

all types of users.

authentication default { hwtacacs-scheme
hwtacacs-scheme-name [ radius-scheme

radius-scheme-name ] [ local ] [ none ] |

ldap-scheme ldap-scheme-name [ local ]
[ none ] | local [ none ] | none | radius-scheme

radius-scheme-name [ hwtacacs-scheme

hwtacacs-scheme-name ] [ local ] [ none ] }

By default, the default
authentication method is

local.
The none keyword is not

supported in FIPS mode.

4.

Specify the authentication
method for LAN users.

authentication lan-access { ldap-scheme
ldap-scheme-name [ local ] [ none ] | local

[ none ] | none | radius-scheme
radius-scheme-name [ local ] [ none ] }

By default, the default
authentication method is

used for LAN users.
The none keyword is not
supported in FIPS mode.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: