Configuring an AAA Scheme for an ISP Domain, Configuring a Combined AAA Scheme – H3C Technologies H3C WX3000 Series Unified Switches User Manual


The self-service server location function needs the cooperation of a RADIUS server that supports
self-service, such as comprehensive access management server (CAMS). Through self-service,
users can manage and control their account or card numbers by themselves. A server installed
with self-service software is called a self-service server.

H3C's CAMS server is a service management system used to manage networks and ensure network
and user information security. In cooperation with other networking devices in a network, a CAMS
server can implement the AAA functions and rights management.

Configuring an AAA Scheme for an ISP Domain

You can configure either of the following AAA schemes:

Configuring a combined AAA scheme

You can use the scheme command to specify an AAA scheme for an ISP domain. If you specify a
RADIUS or HWTACACS scheme, authentication, authorization and accounting are all
implemented by the RADIUS or TACACS server(s) specified in that RADIUS or HWTACACS scheme.
With a combined scheme, you cannot specify different schemes for authentication, authorization
and accounting individually.

Follow these steps to configure a combined AAA scheme:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Create an ISP domain and enter its view, or enter the view of an existing ISP domain | domain isp-name | Required |
| Configure an AAA scheme for the ISP domain | scheme { local \| none \| radius-scheme radius-scheme-name [ local ] \| hwtacacs-scheme hwtacacs-scheme-name [ local ] } | Required. By default, an ISP domain uses the local AAA scheme. |

• You can execute the scheme radius-scheme radius-scheme-name command to adopt an already
configured RADIUS scheme to implement all three AAA functions. If you adopt the local
scheme, only the authentication and authorization functions are implemented; the accounting
function cannot be implemented.

• If you execute the scheme radius-scheme radius-scheme-name local command, the local
scheme is used as the secondary scheme in case no RADIUS server is available. That is, if the
communication between the device and a RADIUS server is normal, no local authentication is
performed; otherwise, local authentication is performed.
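
The following added example, which is not part of the H3C manual, parses scheme commands from a configuration excerpt and reports which ISP domains lack accounting or a local fallback, using the behaviour described above. The excerpt layout, the names isp-a to isp-e and rs1, the treatment of none, and applying the fallback rule to HWTACACS are assumptions.

```python
import re

# Constructed sample; the "domain <name>" + indented "scheme ..." layout is assumed.
SAMPLE_CONFIG = """\
domain isp-a
 scheme radius-scheme rs1 local
domain isp-b
 scheme radius-scheme rs1
domain isp-c
 scheme local
domain isp-d
domain isp-e
 scheme none
"""

SCHEME_RE = re.compile(
    r"scheme\s+(?:(local|none)|(radius-scheme|hwtacacs-scheme)\s+(\S+)(\s+local)?)\s*$")

def classify(line):
    """Map one scheme command to the AAA behaviour the manual describes."""
    m = SCHEME_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a valid scheme command: {line!r}")
    simple, kind, name, fallback = m.groups()
    if simple:  # local: no accounting (manual); none: treated as no AAA (assumption)
        return {"primary": simple, "server": None, "accounting": False, "fallback": False}
    # Trailing "local" = secondary scheme (stated for RADIUS, assumed for HWTACACS).
    return {"primary": kind, "server": name, "accounting": True, "fallback": bool(fallback)}

def audit(config_text):
    """Return {domain: classification}; a domain without a scheme line uses local."""
    domains, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("domain "):
            current = line.split(None, 1)[1]
            domains[current] = classify("scheme local")  # documented default
        elif line.startswith("scheme ") and current is not None:
            domains[current] = classify(line)
    return domains

def findings(config_text):
    out = []
    for name, c in audit(config_text).items():
        if not c["accounting"]:
            out.append(f"{name}: no accounting ({c['primary']} scheme)")
        elif not c["fallback"]:
            out.append(f"{name}: no local fallback if {c['server']} is unreachable")
    return out
```

Calling findings(SAMPLE_CONFIG) lists isp-b for the missing fallback and isp-c, isp-d and isp-e for the missing accounting; isp-d is included because it has no scheme line and therefore uses the default local scheme.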
