Aaa configuration considerations and task list – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 29
15
No. Sub-attribute
Description
26
Connect_ID
Index of the user connection.
28 Ftp_Directory
Working directory of the FTP user.
For an FTP user, when the RADIUS client acts as the FTP server, this attribute
is used to set the FTP directory on the RADIUS client.
29
Exec_Privilege
Priority of the EXEC user.
59
NAS_Startup_Timestam
p
Startup time of the NAS in seconds, which is represented by the time elapsed
after 00:00:00 on Jan. 1, 1970 (UTC).
60 Ip_Host_Addr
User IP address and MAC address carried in authentication and accounting
requests, in the format A.B.C.D hh:hh:hh:hh:hh:hh. A space is required
between the IP address and the MAC address.
61
User_Notify
Information that needs to be sent from the server to the client transparently.
62 User_HeartBeat
Hash value assigned after an 802.1X user passes authentication, which is a
32-byte string. This attribute is stored in the user list on the device and is used
for verifying the handshake messages from the 802.1X user. This attribute
exists in only Access-Accept and Accounting-Request packets.
140 User_Group
User groups assigned after the SSL VPN user passes authentication. A user
may belong to more than one user group. In this case, the user groups are
delimited by semi-colons. This attribute is used for cooperation with the SSL
VPN device.
141 Security_Level
Security level assigned after the SSL VPN user passes security authentication.
201 Input-Interval-Octets
Bytes input within a real-time accounting interval.
202 Output-Interval-Octets Bytes output within a real-time accounting interval.
203 Input-Interval-Packets
Packets input within an accounting interval, in the unit set on the device.
204 Output-Interval-Packets
Packets output within an accounting interval, in the unit set on the device.
205
Input-Interval-Gigaword
s
Result of bytes input within an accounting interval divided by 4G bytes.
206
Output-Interval-Gigawo
rds
Result of bytes output within an accounting interval divided by 4G bytes.
207 Backup-NAS-IP
Backup
source IP address for sending RADIUS packets.
255 Product_ID
Product
name.
AAA configuration considerations and task list
To configure AAA, you must complete these tasks on the NAS:
1.
Configure the required AAA schemes.
•
Local authentication—Configure local users and the related attributes, including the usernames and
passwords of the users to be authenticated.
•
Remote authentication—Configure the required RADIUS, HWTACACS, and LDAP schemes. You
must configure user attributes on the servers accordingly.
2.
Configure AAA methods for the users' ISP domains.
•
Authentication method—No authentication (none), local authentication (local), or remote
authentication (scheme)
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points H3C S10500 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S12500 Series Switches H3C S9500E Series Switches H3C MSR 5600 H3C MSR 50 H3C MSR 3600 H3C MSR 30 H3C MSR 2600 H3C MSR 20-2X[40] H3C MSR 20-1X H3C MSR 930 H3C MSR 900 H3C SR8800 H3C SR6600-X H3C SR6600 H3C SecPath F5020 H3C SecPath F5040 H3C VMSG VFW1000