
Configuring an aaa scheme for an isp domain, Configuring a combined aaa scheme – H3C Technologies H3C S3100 Series Switches User Manual


- If you have configured to use "." as the delimiter, for a user name that contains multiple ".", the first "." will be used as the domain delimiter.

- If you have configured to use "@" as the delimiter, the "@" must not appear more than once in the user name.

- If the system does not find any available accounting server or fails to communicate with any accounting server when it performs accounting for a user, it does not disconnect the user as long as the accounting optional command has been executed, though it cannot perform accounting for the user in this case.

- The self-service server location function needs the cooperation of a RADIUS server that supports self-service, such as comprehensive access management server (CAMS). Through self-service, users can manage and control their account or card numbers by themselves. A server installed with self-service software is called a self-service server.

H3C's CAMS Server is a service management system used to manage networks and ensure network and user information security. With the cooperation of other networking devices (such as switches) in a network, a CAMS server can implement the AAA functions and right management.
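The two delimiter rules in the notes above, as an added Python sketch that is not part of the H3C manual or the switch software. It assumes the user ID precedes the delimiter and the ISP domain name follows it, and that an empty part on either side is invalid; the function names and sample account names are constructed for illustration.

```python
# Added illustration, not H3C code. Assumes names look like "userid<delimiter>isp-name".
from typing import List, Optional, Tuple


def split_user_domain(name: str, delimiter: str = "@") -> Tuple[str, Optional[str]]:
    """Return (userid, isp_domain); isp_domain is None when no delimiter is present."""
    if delimiter not in ("@", "."):
        raise ValueError("delimiter must be '@' or '.'")
    if delimiter == "@" and name.count("@") > 1:
        # Rule from the note: "@" must not appear more than once.
        raise ValueError("'@' appears more than once")
    # partition() cuts at the first occurrence, which is the rule given for ".".
    userid, sep, domain = name.partition(delimiter)
    if not sep:
        return name, None
    if not userid or not domain:
        # Assumption: an empty part on either side is treated as invalid.
        raise ValueError("empty user ID or domain part")
    return userid, domain


def audit_names(names: List[str], delimiter: str) -> List[Tuple[str, str]]:
    """List names that are rejected or that contain the delimiter more than once."""
    findings = []
    for name in names:
        try:
            userid, domain = split_user_domain(name, delimiter)
        except ValueError as exc:
            findings.append((name, f"rejected: {exc}"))
            continue
        if domain is not None and delimiter in domain:
            findings.append((name, f"user={userid!r} domain={domain!r}"))
    return findings


# Constructed sample account names (not from the manual).
SAMPLE = ["alice@isp1", "bob.isp1", "carol.smith.isp1", "dave@isp1@isp2"]

if __name__ == "__main__":
    for delim in ("@", "."):
        print(delim, audit_names(SAMPLE, delim))
```

Running the audit over an account list before changing the delimiter shows which names would land in a different ISP domain, and therefore under a different AAA scheme, than the administrator expects.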

Configuring an AAA Scheme for an ISP Domain

You can configure a combined AAA scheme or separate AAA scheme on the switch.

- If both are configured, separate AAA schemes apply.

- Once the authentication command is configured, separate AAA schemes, if any, apply.

Configuring a combined AAA scheme

You can configure a combined AAA scheme by using the scheme command.

Before configuring a combined AAA scheme, do the following:

- For RADIUS or HWTACACS authentication, configure the RADIUS or HWTACACS scheme to be referenced first. The local and none authentication methods do not require any scheme.

- Determine the access mode or service type to be configured. With AAA, you can configure an authentication method specifically for each access mode and service type, limiting the authentication protocols that can be used for access.

- Determine whether to configure an authentication method for all access modes or service types.

Table 2-4 Configure a combined AAA scheme

Operation | Command | Remarks
Enter system view | system-view |