343
AAA can be implemented through multiple protocols. The switch supports using RADIUS, which is the
most commonly used protocol in practice. For more information, see the chapter “RADIUS configuration.”
Domain-based user management
On a NAS, each user belongs to one Internet service provider (ISP) domain. A NAS determines the ISP
domain a user belongs to by the username entered by the user at login, and controls access of the user
based on the AAA methods configured for the domain. If no specific AAA methods are configured for the
domain, the default methods are used. See Figure 316.
Figure 316 Determine the ISP domain of a user by the username
Configuring AAA
Configuration prerequisites
To implement local user authentication, authorization, and accounting, you must create local users and
configure user attributes on the switch. See the chapter “User configuration.”
To implement remote authentication, authorization, or accounting, you must create the RADIUS schemes
to be referenced. For RADIUS scheme configuration information, see the chapter “RADIUS
configuration.”
Configuration task list
Task Remarks
Configuring an ISP domain
Optional
Create ISP domains and specify one of them as the default ISP domain.
By default, there is a system predefined ISP domain named system, which is the
default ISP domain.
To Next Page
Loading...
Need help?
General