3Com Switch 7750 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

511

512

513

514

515

516

517

518

519

520

518 CHAPTER 49: AAA & RADIUS & HWTACACS CONFIGURATION

AAA Configuration The goal of AAA configuration is to protect network devices against unauthorized

access and at the same time provide network access services to authorized users. If

you need to use ISP domains to implement AAA management on access users,

you need to configure the ISP domains.

Configuration

Prerequisites

If you want to adopt remote AAA method, you must create a RADIUS or

HWTACACS scheme.

■ RADIUS scheme (radius-scheme): You can reference a configured RADIUS

scheme to implement AAA services. For the configuration of RADIUS scheme,

refer to “RADIUS Configuration” on page 525.

■ HWTACACS scheme (hwtacacs-scheme): You can reference a configured

RADIUS scheme to implement AAA services. For the configuration of RADIUS

scheme, refer to “HWTACACS Configuration” on page 532.

Creating an ISP Domain

HWTACACS

configuration

Create a

HWTACACS

scheme

Required “Creating a HWTACACS

Scheme” on page 532

Configure

HWTACACS

authentication

servers

Required “Configuring HWTACACS

Authentication Servers” on

page 532

Configure

HWTACACS

authorization

servers

Required “Configuring HWTACACS

Authorization Servers” on

page 533

Configure

HWTACACS

accounting servers

Optional “Configuring HWTACACS

Accounting Servers” on

page 533

Configure shared

keys for RADIUS

packets

Optional “Configuring Shared Keys

for RADIUS Packets” on

page 534

Configure the

attributes for data

to be sent to

TACACS servers

Optional “Configuring the

Attributes for Data to be

Sent to TACACS Servers”

on page 535

Configure the

timers of TACACS

servers

Optional “Configuring the Timers of

TACACS Servers” on page

535

Table 398 Configuration tasks

Operation Description Related section

Table 399 Create an ISP domain

Operation Command Description

Enter system view system-view -

Create an ISP domain and enter its

view, enter the view of an existing

ISP domain, or configure the default

ISP domain

domain { isp-name |

default { disable | enable

isp-name }}

Required

The default ISP

domain is “system”.