3Com Switch 7750 Configuration Guide
AAA Configuration 521
Configuring separate AAA schemes
You can use the authentication, authorization, and accounting commands to
specify a scheme for each of the three AAA functions (authentication,
authorization and accounting) respectively. The following gives the
implementations of this separate way for the services supported by AAA.
■ For terminal users
Authentication: RADIUS, local, HWTACACS, or none.
Authorization: none or HWTACACS
Accounting: RADIUS, HWTACACS or none.
You can configure combined authentication, authorization and accounting
schemes by using the above implementations.
■ For FTP users
Only authentication is supported for FTP users.
Authentication: RADIUS, local, or HWTACACS.
Perform the following configuration in ISP domain view.
n
■ If a bound AAA scheme is configured as well as the separate authentication,
authorization and accounting schemes, the separate ones will be adopted in
precedence.
■ RADIUS scheme and local scheme do not support the separation of
authentication and authorization. Therefore, pay attention when you make
Table 402 Configure separate AAA schemes
Operation Command Description
Enter system view system-view -
Create an ISP domain or
enter the view of an existing
ISP domain
domain isp-name Required
Configure an authentication
scheme for the ISP domain
authentication { radius-scheme
radius-scheme-name [ local ] |
hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local |
none }
Optional
By default, no
separate
authentication
scheme is
configured.
Configure an authorization
scheme for the ISP domain
authorization { none |
hwtacacs-scheme
hwtacacs-scheme-name }
Optional
By default, no
separate
authorization
scheme is
configured.
Configure an accounting
scheme for the ISP domain
accounting { none | radius-scheme
radius-scheme-name |
hwtacacs-scheme
hwtacacs-scheme-name }
Optional
By default, no
separate accounting
scheme is
configured.