beautypg.com

Creating an isp domain, Configuring isp domain attributes – H3C Technologies H3C SecBlade LB Cards User Manual

Page 83

background image

72

Creating an ISP domain

In a networking scenario with multiple ISPs, the device can connect users of different ISPs. Different ISP

users can have different user attributes (such as username and password structures), different service

types, and different rights. To manage these ISP users, you need to create ISP domains and then
configure AAA methods and domain attributes for each ISP domain.
The device can accommodate up to 16 ISP domains, including the system predefined ISP domain system.

You can specify one ISP domain as the default domain.
On the device, each user belongs to an ISP domain. If a user provides no ISP domain name at login, the

device considers the user belongs to the default ISP domain.
The device chooses an authentication domain for each user in the following order:

The authentication domain specified for the access module

The ISP domain in the username

The default ISP domain of the device

The ISP domain specified for users with unknown domain names

If all the domains are unavailable, user authentication will fail.
To create an ISP domain:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create an ISP domain and
enter ISP domain view.

domain isp-name N/A

3.

Return to system view.

quit

N/A

4.

Specify the default ISP

domain.

domain default enable
isp-name

Optional.
By default, the default ISP domain is the
system predefined ISP domain system.

5.

Specify an ISP domain for
users with unknown domain

names.

domain if-unknown
isp-name

Optional.
By default, no ISP domain is specified for
users with unknown domain names.

To delete the ISP domain that is functioning as the default ISP domain, you must change it to a non-default

ISP domain by using the undo domain default enable command.

Configuring ISP domain attributes

In an ISP domain, you can configure the following attributes:

Domain status—By placing the ISP domain to the active or blocked state, you allow or deny

network service requests from users in the domain.

Maximum number of online users—The device controls the number of online users in a domain to
ensure the system performance and service reliability.

Idle cut—Enables the device to check the traffic of each online user in the domain at the idle timeout
interval, and to log out any user in the domain whose traffic during the idle timeout period is less

than the specified minimum traffic.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: