H3C S7500E Series Ethernet Switches Operation Manual

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

851

852

853

854

855

856

857

858

859

860

Operation Manual – AAA RADIUS HWTACACS

H3C S7500E Series Ethernet Switches

Chapter 1 AAA/RADIUS/HWTACACS

Configuration

1-15

To do… Use the command… Remarks

Specify the maximum

number of users in the

ISP domain

access-limit { disable |

enable

max-user-number }

Optional

No limit by default

Configure the idle cut

function

idle-cut { disable |

enable minute }

Optional

Disabled by default

Enable the self-service

server localization

function and specify the

URL of the self-service

server for changing user

password

self-service-url { disable

| enable url-string }

Optional

Disabled by default

 Note:

A self-service RADIUS server, for example, CAMS, is required for the self-service

server localization function. With the self-service function, a user can manage and

control his or her accounting information or card number. A server with self-service

software is a self-service server.

1.3.4 Configuring an AAA Authentication Scheme for an ISP Domain

In AAA, authentication, authorization, and accounting are three separate processes.

Authentication refers to the interactive authentication process of

username/password/user information during access or service request. The

authentication process neither sends authorization information to a supplicant nor

triggers any accounting. You can configure AAA to use only authentication. If you do not

perform any authentication configuration, the system-default ISP domain uses the local

authentication scheme.

Before configuring an authentication scheme, complete these three tasks:

z For RADIUS or HWTACACS authentication, configure the RADIUS or

HWTACACS scheme to be referenced first. The local and none authentication

modes do not require any scheme.

z Determine the access mode or service type to be configured. With AAA, you can

configure an authentication scheme specifically for each access mode and service

type, limiting the authentication protocols that can be used for access.

z Determine whether to configure an authentication scheme for all access modes or

service types.

Follow these steps to configure an AAA authentication scheme for an ISP domain: