3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

261

262

263

264

265

266

267

268

269

270

AAA Configuration Commands 263

disable: Disables the configured default ISP domain. It results in refusal of the

usernames that are sent excluding domain names. If you configure user names to

be sent to RADIUS servers without domain names, these user names will not be

rejected.

enable: Enables the configured default ISP domain. It is to be appended to the

usernames that are received without domain name before they are sent to the

intended AAA servers. If you configure user names to be sent to RADIUS servers

without domain names, these user names will not appended with the default

domain name.

Description

Use the domain command to configure an ISP domain or enter the view of an

existing ISP domain.

Use the undo domain command to cancel a specified ISP domain.

By default, the system uses the domain named system. You cannot delete it, but

you are allowed to modify its configuration. In addition, you can view its settings

using the display domain command.

ISP domain is a group of users belonging to the same ISP. Generally, for a

username in the userid@isp-name format, gw20010608@3com163.net for

example, the isp-name ("3com163.net" in the example) following the "@" is the

ISP domain name. When an AAA server controls user access, for an ISP user whose

username is in userid@isp-name format, the system takes the part "userid" as

username for identification and takes the part "isp-name" as domain name.

The purpose of introducing ISP domain settings is to support the application

environment with several ISP domains. In this case, an access device may have

supplicants from different ISP domains. Because the attributes of ISP users, such as

username and password structures, service types, may be different, it is necessary

to separate them by setting ISP domains. In ISP domain view, you can configure a

complete set of ISP domain attributes for each ISP domain, including an AAA

scheme (the RADIUS scheme applied).

For a security gateway, each supplicant belongs to an ISP domain. The system

supports to configure up to 16 ISP domains.

When this command is used, if the specified ISP domain does not exist, the system

will create a new ISP domain. All the ISP domains are in the active state when

they are created.

Related command: access-limit, scheme, state, and display domain.

Example

# Create a new ISP domain, 3com163.net, and enters its view.

[SecBlade_FW] domain 3com163.net

New Domain added.

[SecBlade_FW-isp-3com163.net]

ip pool Syntax

ip pool pool-number low-ip-address [ high-ip-address ]