Configuration prerequisites, Configuration procedure – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

550

Figure 579 Determining the ISP domain for a user by the username

You can configure different authentication, authorization, and accounting methods for users in an ISP

domain. Or you can configure a set of default methods for an ISP domain. These default methods are

used for users for whom no specific AAA methods are configured.
AAA manages users in the same ISP domain based on their access types. The device supports the

following user access types:

•

LAN users—Users on a LAN who must pass 802.1X or MAC address authentication to access the
network.

•

Login users—Users who want to log in to the device, including SSH users, Telnet users, FTP users,
and terminal users.

•

Portal users—Users who must pass portal authentication to access the network.

•

PPP users—Users who access through PPP.

To improve device security, AAA provides command authorization for login users. Command

authorization enables the NAS to defer to the authorization server to determine whether a command
entered by a login user is permitted for the user, and allows login users to execute only authorized

commands.
For more information about AAA and ISP, see H3C Access Controllers Security Configuration Guide.

Configuration prerequisites

•

To deploy local authentication, first configure local users on the access device. See "

Configuring

users

."

•

To perform RADIUS authentication, first create the RADIUS schemes. See "

Configuring RADIUS

."

Configuration procedure

Step Remarks

1. Configuring an ISP domain

Optional.
Create ISP domains and specify one of them as the default ISP domain.
By default, there is an ISP domain named system, which is the default ISP

domain.