beautypg.com

5 configuring dynamic vlan assignment, 5 configuring dynamic vlan assignment -17, Configuring dynamic – H3C Technologies H3C S3100 Series Switches User Manual

Page 316: Vlan assignment

background image

Operation Manual – AAA – RADIUS – HWTACACS

H3C S3100-52P Ethernet Switch

Chapter 1 AAA & RADIUS & HWTACACS

Configuration

1-17

Table 1-8

Configure separate AAA schemes

Operation

Command

Description

Enter system view

system-view

Create an ISP domain

and enter its view, or enter

the view of an existing ISP

domain

domain

isp-name

Required

Configure an

authentication scheme for

the ISP domain

authentication

{

radius-scheme

radius-scheme-name

[ local ] |
hwtacacs-scheme

hwtacacs-scheme-name

[ local ] | local | none }

Optional
By default, no separate

authentication scheme is

configured.

Configure an

authorization scheme for

the ISP domain

authorization

{ none |

hwtacacs-scheme

hwtacacs-scheme-name

}

Optional
By default, no separate

authorization scheme is

configured.

Configure an accounting

scheme for the ISP

domain

accounting

{ none |

radius-scheme

radius-scheme-name

|

hwtacacs-scheme

hwtacacs-scheme-name

}

Optional
By default, no separate

accounting scheme is

configured.

Note:

z

If a combined AAA scheme is configured as well as the separate authentication,
authorization and accounting schemes, the separate ones will be adopted in
precedence.

z

RADIUS scheme and local scheme do not support the separation of authentication
and authorization. Therefore, pay attention when you make authentication and
authorization configuration for a domain: When the scheme radius-scheme or
scheme local

command is executed and the authentication command is not

executed, the authorization information returned from the RADIUS or local scheme
still takes effect even if the authorization none command is executed.

1.3.5 Configuring Dynamic VLAN Assignment

The dynamic VLAN assignment feature enables a switch to dynamically add the switch
ports of successfully authenticated users to different VLANs according to the attributes
assigned by the RADIUS server, so as to control the network resources that different
users can access.

See also other documents in the category H3C Technologies Routers: