Инструкции По Установке для 3com S7906E
1-14
Task
Remarks
Optional
Optional
Configuring AAA
By configuring AAA, you can provide network access service for legal users, protect the networking
devices, and avoid unauthorized access and repudiation. In addition, you can configure ISP domains to
perform AAA on accessing users.
Configuration Prerequisites
For remote authentication, authorization, or accounting, you must create the RADIUS or HWTACACS
scheme first. For RADIUS scheme configuration, refer to
. For HWTACACS
scheme configuration, refer to
Creating an ISP Domain
In a networking scenario with multiple ISPs, an access device may connect users of different ISPs. As
users of different ISPs may have different user attributes (such as username and password structure,
service type, and rights), you need to configure ISP domains to distinguish the users. In addition, you
need to configure different AAA methods for the ISP domains.
For the NAS, each user belongs to an ISP domain. Up to 16 ISP domains can be configured on a NAS.
If a user does not provide the ISP domain name, the system considers that the user belongs to the
default ISP domain.
Follow these steps to create an ISP domain:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Create an ISP domain and
enter ISP domain view
enter ISP domain view
domain isp-name
Required
Return to system view
quit
—
Specify the default ISP domain
domain default enable
isp-name
isp-name
Optional
By default, the system has a
default ISP domain named
system.
default ISP domain named
system.
z
You cannot delete the default ISP domain unless you change it to a non-default ISP domain (with
the domain default disable command) first.
z
If a user enters a username without an ISP domain name, the device uses the authentication
method configured for the default ISP domain to authenticate the user.