3Com Switch 8800 Family Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

231

232

233

234

235

236

237

238

239

240

240 CHAPTER 26: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION

For 3Com Series Switches, each supplicant belongs to an ISP domain. Up to 16

domains can be configured in the system. If a user has not reported its ISP domain

name, the system will put it into the default domain.

Perform the following configuration in system view.

By default, a domain named "system" has been created in the system. The

attributes of "system" are all default values.

Configuring Relevant

Attributes of an ISP

Domain

The relevant attributes of ISP domain include the adopted RADIUS scheme, ISP

domain state, maximum number of supplicants, accounting optional

enable/disable state, address pool definition, IP address assignment for PPP

domain users, and user idle-cut enable/disable state where:

■ The adopted RADIUS scheme is the one used by all the users in the ISP domain.

The RADIUS scheme can be used for RADIUS authentication or accounting. By

default, the default RADIUS scheme is used. The command shall be used

together with the commands of setting RADIUS server and server cluster. For

details, refer to the following Configuring RADIUS section of this chapter. If

Local is configured as the first scheme, only the Local scheme will be adopted,

neither RADIUS nor HWTACACS scheme will be adopted. When Local scheme

is adopted, only authentication and authorization will be performed,

accounting will not be performed. None has the same effect as Local. The

usernames used for Local authentication carry no domain name, so if the Local

scheme is configured, pay attention not to add domain name to the username

when you configure a Local user.

■ Every ISP domain has two states: Active and Block. If an ISP domain is in Active

state, the users in it are allowed to request network services, while in Block

state, its users are inhibit from requesting any network service, which will not

affect the users already online. An ISP is in Active state once it is created, that

is, at that time, all the users in the domain are allowed to request network

services.

■ Maximum number of supplicants specifies how many supplicants can be

contained in the ISP. For any ISP domain, there is no limit to the number of

supplicants by default.

■ The idle cut function means: If the traffic from a certain connection is lower

than the defined traffic, cut off this connection.

■ The PPP access users can obtain IP addresses through the PPP address

negotiation function.

Perform the following configuration in ISP domain view.

Tabl e 198 Create/Delete an ISP domain

Operation Command

Create ISP domain or enter the view of a

specified domain

domain isp-name

Remove a specified ISP domain undo domain isp-name

Enable the default ISP domain specified by

isp-name

domain default enable isp-name

Restore the default ISP domain to "system" domain default disable