beautypg.com

H3C Technologies H3C SecBlade LB Cards User Manual

Page 84

background image

73

Self-service server location—Allows users to access the self-service server to manage their own

accounts and passwords.

An ISP domain attribute applies to all users in the domain.
A self-service RADIUS server running on IMC is required for the self-service server location function to

work.
To configure ISP domain attributes:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter ISP domain view.

domain isp-name

N/A

3.

Place the ISP domain to the
active or blocked state.

state { active | block }

Optional.
By default, an ISP domain is in active
state, and users in the domain can

request network services.

4.

Specify the maximum
number of online users in the

ISP domain.

access-limit enable
max-user-number

Optional.
No limit is specified by default.

5.

Enable the self-service server
location function and specify

the URL of the self-service
server.

self-service-url enable url-string

Optional.
Disabled by default.

6.

Set the device to include the

idle cut time in the user

online time to be uploaded
to the server.

session-time include-idle-time

Optional.
By default, the user online time

uploaded to the server excludes the
idle cut time.

Configuring authentication methods for an ISP domain

In AAA, authentication, authorization, and accounting are separate processes. Authentication refers to

the interactive authentication process of username/password/user information during an access or

service request. The authentication process neither sends authorization information to a supplicant nor

triggers any accounting.
AAA supports the following authentication methods:

No authentication (none)—No authentication is performed. This method trusts all users and is not
for general use.

Local authentication (local)—Authentication is performed by the NAS, which is configured with the
user information, including the usernames, passwords, and attributes. Local authentication allows

high speed and low cost, but the amount of information that can be stored is limited by the size of

the storage space.

Remote authentication (scheme)—The NAS cooperates with a RADIUS or HWTACACS server to

authenticate users. Remote authentication provides centralized information management, high
capacity, high reliability, and support for centralized authentication service for multiple NASs. You

can configure local or no authentication as the backup method, which will be used when the remote

server is not available.

You can configure AAA authentication to work alone without authorization and accounting.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: