3com 8807 User Guide
AAA Configuration
239
Figure 62 Network diagram for using RADIUS to authenticate
AAA Configuration
The following sections describe AAA configuration tasks.
■
■
■
■
■
■
■
Among the above configuration tasks, creating ISP domain is compulsory;
otherwise the supplicant attributes cannot be distinguished. The other tasks are
optional. You can configure them at requirements.
otherwise the supplicant attributes cannot be distinguished. The other tasks are
optional. You can configure them at requirements.
Creating/Deleting an ISP
Domain
What is Internet Service Provider (ISP) domain? To make it simple, ISP domain is a
group of users belonging to the same ISP. Generally, for a username in the
userid@isp-name format, taking gw20010608@3Com163.net as an example, the
isp-name (i.e. 3Com163.net) following the @ is the ISP domain name. When
3Com Series Switches control user access, as for an ISP user whose username is in
userid@isp-name format, the system will take userid part as username for
identification and take isp-name part as domain name.
group of users belonging to the same ISP. Generally, for a username in the
userid@isp-name format, taking gw20010608@3Com163.net as an example, the
isp-name (i.e. 3Com163.net) following the @ is the ISP domain name. When
3Com Series Switches control user access, as for an ISP user whose username is in
userid@isp-name format, the system will take userid part as username for
identification and take isp-name part as domain name.
The purpose of introducing ISP domain settings is to support the multi-ISP
application environment. In such environment, one access device might access
users of different ISP. Because the attributes of ISP users, such as username and
password formats, etc, may be different, it is necessary to differentiate them
through setting ISP domain. In 3Com Series Switches ISP domain view, you can
configure a complete set of exclusive ISP domain attributes on a per-ISP domain
basis, which includes AAA policy (RADIUS scheme applied etc.)
application environment. In such environment, one access device might access
users of different ISP. Because the attributes of ISP users, such as username and
password formats, etc, may be different, it is necessary to differentiate them
through setting ISP domain. In 3Com Series Switches ISP domain view, you can
configure a complete set of exclusive ISP domain attributes on a per-ISP domain
basis, which includes AAA policy (RADIUS scheme applied etc.)
Internet
PC user1
PC user2
PC user3
PC user4
S3000 series
S2000 series
ISP1
ISP2
Authentication
Server
Accounting
Server1
Switch 8800
Switch 8800