3Com Switch 4200G Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

181

182

183

184

185

186

187

188

189

190

174 CHAPTER 23: AAA&RADIUS CONFIGURATION

AAA Configuration The goal of AAA configuration is to protect network devices against unauthorized

access and at the same time provide network access services to legal users. If you

need to use ISP domains to implement AAA management on access users, you can

configure the ISP domains.

Configuration

Prerequisites

If you want to adopt remote AAA method, you must create a RADIUS scheme. You

can reference a configured RADIUS scheme in ISP domains to implement remote AAA

services. For the configuration of RADIUS scheme, refer to “RADIUS Configuration”.

Creating an ISP

Domain

Configuring the

Attributes of an ISP

Domain

Table 135 Create an ISP domain

Operation Command Description

Enter system view system-view —

Create an ISP domain and enter its

view, enter the view of an existing ISP

domain, or configure the default ISP

domain

domain { isp-name | default

{ disable | enable isp-name } }

Required

The default ISP domain

is “system”.

Table 136 Configure the attributes of an ISP domain

Operation Command Description

Enter system view system-view —

Create an ISP domain or enter the

view of an existing ISP domain

domain isp-name Required

Activate/deactivate the ISP

domain

state { active | block } Optional

By default, once an ISP

domain is created, it is

in the active state and

all the users in this

domain are allowed to

access the network.

Set the maximum number of

access users that can be contained

in the ISP domain

access-limit { disable | enable

max-user-number }

Optional

After an ISP domain is

created, the number of

access users it can

contain is unlimited by

default.

Set the user idle-cut function idle-cut { disable | enable minute

flow }

Optional

By default, user idle-cut

function is disabled.

Open/close the

accounting-optional switch

accounting optional Optional

By default, once an ISP

domain is created, the

accounting-optional

switch is closed.

Set the messenger function messenger time { enable limit

interval | disable }

Optional

By default, the

messenger function is

disabled.

Set the self-service server location

function

self-service-url { disable | enable

url-string }

Optional

By default, the

self-service server

location function is

disabled.