Инструкции По Установке для 3com S7906E

1-10

9) The user inputs the password.

10) After receiving the login password, the HWTACACS client sends to the HWTACACS server a

continue-authentication packet carrying the login password.

11) The HWTACACS server sends back an authentication response indicating that the user has

passed authentication.

12) The HWTACACS client sends the user authorization request packet to the HWTACACS server.

13) The HWTACACS server sends back the authorization response, indicating that the user is

authorized now.

14) Knowing that the user is now authorized, the HWTACACS client pushes the configuration interface

of the NAS to the user.

15) The HWTACACS client sends a start-accounting request to the HWTACACS server.

16) The HWTACACS server sends back an accounting response, indicating that it has received the

start-accounting request.

17) The user logs off.

18) The HWTACACS client sends a stop-accounting request to the HWTACACS server.

19) The HWTACACS server sends back a stop-accounting response, indicating that the

stop-accounting request has been received.

Domain-Based User Management

An Internet service provider (ISP) domain accommodates a collection of users. NAS devices manage

users based on ISP domains. Each user belongs to an ISP domain. The ISP domain of a user is

determined by the username used for login, as shown in

Figure 1-7 Determine the ISP domain of a user by the username

The authentication, authorization, and accounting of a user depends on the AAA methods configured

for the domain that the user belongs to. If no specific AAA methods are configured for the domain, the

default ones are used. By default, a domain uses local authentication, local authorization, and local

accounting.

The AAA feature allows you to manage users based on their access types:

LAN users: Users on a LAN who access through, for example, 802.1X authentication or MAC

address authentication.

Portal users: Users who access through portal.