beautypg.com

Radius configuration task list, Configuring aaa, Configuration prerequisites – H3C Technologies H3C S5120 Series Switches User Manual

Page 415: Creating an isp domain

background image

1-9

RADIUS Configuration Task List

Task

Remarks

Creating a RADIUS Scheme

Required

Specifying the RADIUS Authentication/Authorization Servers

Required

Specifying the RADIUS Accounting Servers and Relevant Parameters

Optional

Setting the Shared Key for RADIUS Packets

Required

Setting the Upper Limit of RADIUS Request Retransmission Attempts

Optional

Setting the Supported RADIUS Server Type

Optional

Setting the Status of RADIUS Servers

Optional

Configuring Attributes Related to Data to Be Sent to the RADIUS Server

Optional

Enabling the RADIUS Trap Function

Optional

Specifying the Source IP Address for RADIUS Packets to Be Sent

Optional

Setting Timers Regarding RADIUS Servers

Optional

Configuring RADIUS Accounting-On

Optional

Enabling the Listening Port of the RADIUS Client

Optional

Displaying and Maintaining RADIUS

Optional

Configuring AAA

By configuring AAA, you can provide network access service for legal users, protect the networking

devices, and avoid unauthorized access and repudiation. In addition, you can configure ISP domains to

perform AAA on accessing users.

In AAA, users are divided into LAN users (such as 802.1X users) and login users (such as SSH, Telnet,

FTP, and terminal access users). Except for command line users, you can configure separate

authentication/authorization/accounting policies for all the other types of users. Command line users

can be configured with authorization policy independently.

Configuration Prerequisites

For remote authentication, authorization, or accounting, you must create the RADIUS scheme first. For

RADIUS scheme configuration, refer to

Configuring RADIUS

.

Creating an ISP Domain

An Internet service provider (ISP) domain represents a group of users belonging to it. For a username in

the userid@isp-name format, the access device considers the userid part the username for

authentication and the isp-name part the ISP domain name.

In a networking scenario with multiple ISPs, an access device may connect users of different ISPs. As

users of different ISPs may have different user attributes (such as username and password structure,

service type, and rights), you need to configure ISP domains to distinguish the users. In addition, you

need to configure different attribute sets including AAA methods for the ISP domains.

See also other documents in the category H3C Technologies Routers: