R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
140
By default, an ISP domain uses the local accounting method.
Before configuring accounting methods, complete these three tasks:
1. For RADIUS accounting, configure the RADIUS scheme to be referenced first. The local and none
authentication methods do not require any scheme.
2. Determine the access mode or service type to be configured. With AAA, you can configure an
accounting method specifically for each access mode and service type, limiting the accounting
protocols that can be used for access.
3. Determine whether to configure an accounting method for all access modes or service types.
Follow these steps to configure AAA accounting methods for an ISP domain:
To do… Use the command…
Remarks
Enter system view
system-view
—
Enter ISP domain view domain isp-name —
Enable the accounting optional
feature
accounting optional
Optional
Disabled by default
Specify the default accounting
method for all types of users
accounting default { local | none |
radius-scheme
radius-scheme-name [ local ] }
Optional
local by default
Specify the accounting method for
login users
accounting login { local | none |
radius-scheme
radius-scheme-name [ local ] }
Optional
The default accounting method is
used by default.
NOTE:
• With the accounting optional command configured, a user that would be otherwise disconnected can
still use the network resources even when no accounting server is available or communication with the
current accounting server fails.
• The local accounting method is not used to implement accounting, but to work together with the
access-limit command, which is configured in local user view, to limit the number of local user
connections. However, with the accounting optional command configured, the limit on the number of
local user connections is not effective.
• The accounting method specified with the accounting default command is for all types of users and has
a priority lower than that for a specific access mode.
• With the radius-scheme
radius-scheme-name
local keyword and argument combination configured,
local accounting is the backup method and is used only when the remote server is not available.
• If the primary accounting method is local or none, the system performs local accounting or does not
perform any accounting, and will not use the RADIUS accounting scheme.
• In login access mode, accounting is not supported for FTP services.
Configuring local user attributes
To implement local user authentication, authorization, and accounting, you must create local users and
configure user attributes on the LB module. The local users and attributes are stored in the local user
database on the LB module. A local user is uniquely identified by a username. Configurable local user
attributes are as follows:
• Service type