3Com Switch 7750 Configuration Guide
498 CHAPTER 48: AAA & RADIUS & HWTACACS CONFIGURATION
Configuring an AAA Scheme for an ISP Domain
You can configure an AAA scheme in one of the following two ways:
Configuring a bound AAA scheme
You can use the scheme command to specify an AAA scheme. If you specify a
RADIUS or HWTACACS scheme, authentication, authorization and accounting
are all implemented by the RADIUS server or TACACS server specified in
the RADIUS or HWTACACS scheme. With this method, you cannot specify different
schemes for authentication, authorization and accounting.
CAUTION:
■ You can execute the scheme command with the radius-scheme-name
argument to adopt an already configured RADIUS scheme to implement all
three AAA functions. If you adopt the local scheme, only the authentication
and authorization functions are implemented; the accounting function cannot
be implemented.
■ If you execute the scheme radius-scheme radius-scheme-name local
command, the local scheme becomes the secondary scheme in case the
RADIUS server does not respond normally. That is, if the communication
between the switch and the RADIUS server is normal, no local authentication is
performed; otherwise, local authentication is performed.
■ If you execute the scheme hwtacacs-scheme hwtacacs-scheme-name local
command, the local scheme becomes the secondary scheme in case the
TACACS server does not respond normally. That is, if the communication
between the switch and the TACACS server is normal, no local authentication
is performed; otherwise, local authentication is performed.
■ If you adopt local or none as the primary scheme, local authentication is
performed or no authentication is performed, respectively. In this case, you
cannot perform RADIUS authentication at the same time.
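The following Python sketch is an added example, not part of the 3Com guide: it reads configuration text and reports, for each ISP domain, what the bound-scheme rules above and the default stated in Table 376 imply. The indented domain layout of the sample, the function names, and the domain and scheme names (corp, rad1, tac1 and so on) are assumptions made for illustration.

```python
import re

# Syntax from Table 376: scheme { local | none | <type>-scheme NAME [ local ] }
SCHEME_RE = re.compile(
    r"^scheme\s+(?:(local|none)|(radius-scheme|hwtacacs-scheme)\s+(\S+)(\s+local)?)\s*$")

def classify(primary, name=None, local_fallback=False):
    """Describe a bound AAA scheme using the behaviour stated on this page."""
    notes = []
    if primary == "none":
        notes.append("no authentication is performed")
    elif primary == "local":
        notes.append("local authentication; accounting cannot be implemented")
    elif local_fallback:
        notes.append("local authentication only if the server does not respond")
    else:
        notes.append("no local secondary scheme configured")
    return {"primary": primary, "name": name,
            "local_fallback": local_fallback, "notes": notes}

def audit_domains(config_text):
    """Map each ISP domain in the configuration text to its bound AAA scheme."""
    domains, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("domain "):
            current = line.split()[1]
            # Page: by default, the ISP domain uses the local AAA scheme.
            domains[current] = classify("local")
        elif current and raw[:1].isspace():
            m = SCHEME_RE.match(line)
            if m:  # other lines in the domain view are ignored
                domains[current] = classify(m.group(1) or m.group(2),
                                            m.group(3), bool(m.group(4)))
        elif line:
            current = None  # unindented line: left the domain view
    return domains

# Constructed sample; the indented layout and all names are assumptions.
SAMPLE_CONFIG = """\
domain corp
 scheme radius-scheme rad1 local
domain lab
 scheme none
domain guest
domain mgmt
 scheme hwtacacs-scheme tac1
#
"""
```

Calling audit_domains(SAMPLE_CONFIG) flags lab as performing no authentication and guest as using the default local scheme, which has no accounting.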
Configuring separate AAA schemes
You can use the authentication, authorization, and accounting commands to
specify a scheme for each of the three AAA functions (authentication,
Table 376 Configure an AAA scheme for an ISP domain

Operation                       Command                           Description
------------------------------  --------------------------------  ---------------------------
Enter system view               system-view                       -

Create an ISP domain or enter   domain isp-name                   Required
the view of an existing ISP
domain

Configure an AAA scheme for     scheme { local | none |           Required
the ISP domain                  radius-scheme                     By default, the ISP domain
                                radius-scheme-name [ local ] |    uses the local AAA scheme.
                                hwtacacs-scheme
                                hwtacacs-scheme-name [ local ] }

Configure a RADIUS scheme       radius-scheme                     Optional
for the ISP domain              radius-scheme-name                This function can also be
                                                                  implemented by using the
                                                                  scheme command to specify
                                                                  the RADIUS scheme to be
                                                                  used.