3com 3.01.01 User Manual

C

HAPTER

 9: AAA 

AND

 RADIUS O

PERATION

[SW8800-radius-radius1]timer realtime-accounting 15

10 Configure the system to transmit the user name to the RADIUS server after 

removing the domain name. 

[SW8800-radius-radius1]user-name-format without-domain

[SW8800-radius-radius1]quit

11 Create the user domain 3com163.net and enters isp configuration mode. 

[SW8800]domain 3com163.net

12 Specify radius1 as the RADIUS server group for the users in the domain 

3com163.net. 

[SW8800-isp-3com163.net]radius-scheme radius1

13 Set a limit of 30 users to the domain 3com163.net. 

[SW8800-isp-3com163.net]access-limit enable 30

14 Enable idle cut function for the user and set the idle cut parameter in the domain 

3com163.net.

[SW8800-isp-3com163.net]idle-cut enable 50 5000

15 Add a local supplicant and sets its parameter.

[SW8800]local-user localuser

[SW8800-luser-localuser]attribute service-type lan-access

[SW8800-luser-localuser]password simple localpass

16 Enable the 802.1x globally. 

[SW8800]dot1x

The Authentication, Authorization, and Accounting (AAA) protocol provides a 
uniform framework for configuring these three security functions and implements 
network security management. 

The network security mentioned here refers to access control, including:

■

Which user can access the network server

■

Which service can the authorized user enjoy

■

How to keep accounts for the user who is using network resource

AAA provides the following services: 

■

Authenticates whether the user can access the network server. 

■

Authorizes the user with specified services. 

■

Accounts for network resources that are consumed by the user. 

Generally, by applying client/server architecture, AAA framework boasts the 
following advantages: 

■

Good scalability.

■

Ability to use standard authentication schemes.

■

Easy control, and convenient for centralized management of user information. 

■

Ability to use multiple-level backup systems to enhance the security of the 
whole framework.