beautypg.com

Aaa configuration considerations and task list – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 29

background image

15

No. Sub-attribute

Description

26

Connect_ID

Index of the user connection.

28 Ftp_Directory

Working directory of the FTP user.
For an FTP user, when the RADIUS client acts as the FTP server, this attribute
is used to set the FTP directory on the RADIUS client.

29

Exec_Privilege

Priority of the EXEC user.

59

NAS_Startup_Timestam
p

Startup time of the NAS in seconds, which is represented by the time elapsed
after 00:00:00 on Jan. 1, 1970 (UTC).

60 Ip_Host_Addr

User IP address and MAC address carried in authentication and accounting
requests, in the format A.B.C.D hh:hh:hh:hh:hh:hh. A space is required

between the IP address and the MAC address.

61

User_Notify

Information that needs to be sent from the server to the client transparently.

62 User_HeartBeat

Hash value assigned after an 802.1X user passes authentication, which is a
32-byte string. This attribute is stored in the user list on the device and is used
for verifying the handshake messages from the 802.1X user. This attribute

exists in only Access-Accept and Accounting-Request packets.

140 User_Group

User groups assigned after the SSL VPN user passes authentication. A user
may belong to more than one user group. In this case, the user groups are

delimited by semi-colons. This attribute is used for cooperation with the SSL
VPN device.

141 Security_Level

Security level assigned after the SSL VPN user passes security authentication.

201 Input-Interval-Octets

Bytes input within a real-time accounting interval.

202 Output-Interval-Octets Bytes output within a real-time accounting interval.

203 Input-Interval-Packets

Packets input within an accounting interval, in the unit set on the device.

204 Output-Interval-Packets

Packets output within an accounting interval, in the unit set on the device.

205

Input-Interval-Gigaword
s

Result of bytes input within an accounting interval divided by 4G bytes.

206

Output-Interval-Gigawo
rds

Result of bytes output within an accounting interval divided by 4G bytes.

207 Backup-NAS-IP

Backup

source IP address for sending RADIUS packets.

255 Product_ID

Product

name.

AAA configuration considerations and task list

To configure AAA, you must complete these tasks on the NAS:

1.

Configure the required AAA schemes.

Local authentication—Configure local users and the related attributes, including the usernames and
passwords of the users to be authenticated.

Remote authentication—Configure the required RADIUS, HWTACACS, and LDAP schemes. You
must configure user attributes on the servers accordingly.

2.

Configure AAA methods for the users' ISP domains.

Authentication method—No authentication (none), local authentication (local), or remote
authentication (scheme)