3com 5500-SI Manual De Usuario
AAA and RADIUS Protocol Configuration 411
Among the above configuration tasks, creating ISP domain is compulsory, otherwise
the user attributes cannot be distinguished. The other tasks are optional. You can
configure them at requirements.
the user attributes cannot be distinguished. The other tasks are optional. You can
configure them at requirements.
Creating/Deleting an ISP
Domain
What is Internet Service Provider (ISP) domain? To make it simple, ISP domain is a
group of users belonging to the same ISP. Generally, for a username in the
userid@isp-name format, taking gw20010608@3com163.net as an example, the
isp-name (that is
group of users belonging to the same ISP. Generally, for a username in the
userid@isp-name format, taking gw20010608@3com163.net as an example, the
isp-name (that is
3com163.net) following the @ is the ISP domain name. When the
Switch 5500 controls user access, as for an ISP user whose username is in
userid@isp-name format, the system will take userid part as username for
identification and take isp-name part as domain name.
userid@isp-name format, the system will take userid part as username for
identification and take isp-name part as domain name.
The purpose of introducing ISP domain settings is to support the multi-ISP application
environment. In such an environment, one access device might access users of
different ISP. Because the attributes of ISP users, such as username and password
formats, and so on, may be different, it is necessary to differentiate them through
setting ISP domain. In the Switch 5500 units, ISP domain view, you can configure a
complete set of exclusive ISP domain attributes on a per-ISP domain basis, which
includes AAA policy ( RADIUS scheme applied)
environment. In such an environment, one access device might access users of
different ISP. Because the attributes of ISP users, such as username and password
formats, and so on, may be different, it is necessary to differentiate them through
setting ISP domain. In the Switch 5500 units, ISP domain view, you can configure a
complete set of exclusive ISP domain attributes on a per-ISP domain basis, which
includes AAA policy ( RADIUS scheme applied)
For the Switch 5500, each user belongs to an ISP domain. Up to 16 domains can be
configured in the system. If a user has not reported their ISP domain name, the
system will put them into the default domain.
configured in the system. If a user has not reported their ISP domain name, the
system will put them into the default domain.
Perform the following configurations in System View.
Table 437 Creating/Deleting an ISP Domain
By default, a domain named “system” has been created in the system. Its attributes
are all default values.
are all default values.
Configuring Relevant
Attributes of the ISP
Domain
The relevant attributes of ISP domain include the AAA scheme, domain state,
maximum number of users, the idle-cut function, the accounting optional option, the
messenger alert and self-service server URL.
maximum number of users, the idle-cut function, the accounting optional option, the
messenger alert and self-service server URL.
Perform the following configurations in ISP Domain View.
Configuring AAA Scheme
The AAA schemes includes:
■
RADIUS scheme—you can implement authentication, authorization, and
accounting by referencing the RADIUS server group. The adopted RADIUS scheme
is the one used by all the users in the ISP domain. For detailed information of the
commands of setting RADIUS scheme, refer to “Configuring the RADIUS
Protocol”.
accounting by referencing the RADIUS server group. The adopted RADIUS scheme
is the one used by all the users in the ISP domain. For detailed information of the
commands of setting RADIUS scheme, refer to “Configuring the RADIUS
Protocol”.
■
Local authentication—if you use the local scheme, you can only implement
authentication and authorization at local without RADIUS server.
authentication and authorization at local without RADIUS server.
Operation
Command
Create ISP domain or enter the view of a
specified domain.
specified domain.
domain
isp_name
Remove a specified ISP domain
undo domain
isp_name
Enable the default ISP domain specified by
isp-name
isp-name
domain default enable
isp_name
Restore the default ISP domain to "system" domain default disable