3Com Switch 7750 Configuration Guide Guide
AAA Configuration 499
authorization and accounting) respectively. The following gives the
implementations of this separate way for the services supported by AAA.
■ For terminal users
Authentication: RADIUS, local, HWTACACS, or none.
Authorization: none or HWTACACS
Accounting: RADIUS, HWTACACS or none.
You can configure combined authentication, authorization and accounting
schemes by using the above implementations.
■ For FTP users
Only authentication is supported for FTP users.
Authentication: RADIUS, local, or HWTACACS.
Perform the following configuration in ISP domain view.
n
■ If a bound AAA scheme is configured as well as the separate authentication,
authorization and accounting schemes, the separate ones will be adopted in
precedence.
■ RADIUS scheme and local scheme do not support the separation of
authentication and authorization. Therefore, pay attention when you make
authentication and authorization configuration for a domain: if the scheme
radius-scheme or scheme local command is executed, the authorization
none command is executed, while the authentication command is not
Table 377 Configure separate AAA schemes
Operation Command Description
Enter system view system-view -
Create an ISP domain or enter
the view of an existing ISP
domain
domain isp-name Required
Configure an authentication
scheme for the ISP domain
authentication {
radius-scheme
radius-scheme-name [ local ] |
hwtacacs-scheme
hwtacacs-scheme-name [
local ] | local | none }
Optional
By default, no separate
authentication scheme is
configured.
Configure an authorization
scheme for the ISP domain
authorization { none |
hwtacacs-scheme
hwtacacs-scheme-name }
Optional
By default, no separate
authorization scheme is
configured.
Configure an accounting
scheme for the ISP domain
accounting { none |
radius-scheme
radius-scheme-name |
hwtacacs-scheme
hwtacacs-scheme-name }
Optional
By default, no separate
accounting scheme is
configured.