2 domains and address pool, Domains, Address pool – Panasonic 8000 User Manual


1 AAA troubleshooting

Nortel Secure Router 8000 Series

Troubleshooting - VAS

After receiving an AAA authentication or accounting message, the NAS enables
server detection if the status of the server is Down. It then transforms the message
into a packet and sends the packet to the current server. The NAS regards the server
as normal only after receiving a response packet from the current server.

local buffer retransmission of Accounting Stop packets

If the number of retransmission events exceeds the value configured, packets are
saved to the buffer queue. The system timer periodically scans the queue, extracts the
packets, sends them to the specific server, and enables the waiting timer. If the
transmission fails or no response packet is received from the server within the
timeout period, the packet is again put back into the buffer queue.

autoswitch of the RADIUS server

If the waiting timer expires and the current server is Down or the number of
retransmission events exceeds the maximum, another server in the server group
assumes the role of the current server to transmit packets.
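
The following added example (not code from the manual or the vendor) models server detection, retransmission, autoswitch and the local buffer for Accounting Stop packets as described above. The server names, the `max_retransmit` parameter, the round-robin switch order and buffering only after every server in the group has been tried are assumptions made for illustration.

```python
from collections import deque

class ServerGroup:
    """Simplified model of the NAS behaviour described above (not vendor code)."""

    def __init__(self, servers, max_retransmit=3):
        self.servers = list(servers)                 # constructed server names
        self.reachable = {s: True for s in servers}  # fixture: does the server answer?
        self.status = {s: "Up" for s in servers}     # the NAS's view of each server
        self.current = 0                             # index of the current server
        self.max_retransmit = max_retransmit         # assumed name for the configured limit
        self.buffer = deque()                        # local buffer for Accounting Stop packets
        self.delivered = []                          # (server, packet) pairs that got a response

    def _try_send(self, packet):
        """One transmission to the current server; True if a response comes back."""
        server = self.servers[self.current]
        if self.reachable[server]:
            self.status[server] = "Up"   # regarded as normal only after a response
            self.delivered.append((server, packet))
            return True
        return False                     # waiting timer expired without a response

    def send(self, packet, acct_stop=False):
        """Retransmit up to the limit, autoswitch through the group, then buffer."""
        for _ in self.servers:
            for _ in range(1 + self.max_retransmit):
                if self._try_send(packet):
                    return "delivered"
            # Retransmission limit exceeded: mark Down, next server becomes current.
            self.status[self.servers[self.current]] = "Down"
            self.current = (self.current + 1) % len(self.servers)
        if acct_stop:
            self.buffer.append(packet)   # keep the accounting record instead of losing it
            return "buffered"
        return "failed"

    def scan_buffer(self):
        """One timer tick: resend each buffered packet once, requeue on failure."""
        for _ in range(len(self.buffer)):
            packet = self.buffer.popleft()
            if not self._try_send(packet):
                self.buffer.append(packet)
        return len(self.buffer)

def demo():
    group = ServerGroup(["radius-a", "radius-b"], max_retransmit=2)
    group.reachable.update({"radius-a": False, "radius-b": False})
    first = group.send("Accounting-Stop user0001@isp1", acct_stop=True)
    group.reachable["radius-a"] = True   # the current server recovers
    return first, group.scan_buffer(), group.delivered
```

A buffer that keeps growing across timer ticks means Accounting Stop records are not reaching any server in the group, which is worth alerting on because session records are incomplete until the queue drains.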

1.1.2 Domains and address pool

Domains

Most AAA configurations are related to domains. The NAS divides users into different groups
based on the character string that follows the @ symbol in user names. For example,
user0001@isp1 belongs to the domain isp1 and user0002@isp2 belongs to isp2.

If no @ symbol appears in the user name, the user belongs to the default domain.

Users in the same domain have similar attributes. Configuration in a domain view can affect
all users in the domain, and domain resources can be used by all the users in the domain.

You can configure AAA schemes in a domain view. For the default domain, AAA uses the
default schemes for the domain. You can also configure a RADIUS or HWTACACS server
template.

Address pool

Point-to-Point Protocol (PPP) users can use PPP address negotiation to obtain the IP address
of the local interface from the NAS. The methods are as follows:

- Use the remote address command in the interface view to allocate an IP address to the
  peer.

- Configure an address pool in the AAA view and then use the remote address pool
  command to allocate the address from the address pool to the peer.

Allocating the address from the address pool is the more flexible approach. In addition, the
address pool can be used together with the domain. Configure a global address pool in the
AAA view and a domain address pool in the domain view. Users in the domain can use the
domain address pool preferentially.

1.1.3 Schemes and modes

Authentication schemes and modes

AAA supports four authentication modes:

local authentication


Nortel Networks Inc.

Issue 01.01 (30 March 2009)
