H3C S7500E Series Ethernet Switches Operation Manual
Operation Manual – AAA RADIUS HWTACACS
H3C S7500E Series Ethernet Switches
Chapter 1 AAA/RADIUS/HWTACACS
Configuration
1-16
To do… Use the command… Remarks
Enter system view
system-view
—
Create an ISP domain
and enter ISP domain
view
domain isp-name
Required
Specify the default
authentication scheme for
all types of users
authentication default
{ hwtacacs-scheme
hwtacacs-scheme-name
[ local ] | local | none |
radius-scheme
radius-scheme-name
[ local ] |
Optional
local by default
Specify the authentication
scheme for LAN access
users
authentication
lan-access { local | none
| radius-scheme
radius-scheme-name
[ local ] }
Optional
The default authentication
scheme is used by
default.
Specify the authentication
scheme for login users
authentication login
{ hwtacacs-scheme
hwtacacs-scheme-name
[ local ] | local | none |
radius-scheme
radius-scheme-name
[ local ] }
Optional
The default authentication
scheme is used by
default.
Specify the authentication
scheme for Portal users
authentication portal
{ none | radius-scheme
radius-scheme-name }
Optional
The default authentication
scheme is used by
default.
Note:
z The authentication scheme specified with the authentication default command is
for all types of users and has a priority lower than that for a specific access mode.
z With a RADIUS authentication scheme configured, AAA accepts only the
authentication result from the RADIUS server. The response from the RADIUS
server does include the authorization information when the authentication is
successful, but the authentication process ignores the information.
z With the radius-scheme radius-scheme-name local or hwtacacs-scheme
hwtacacs-scheme-name local keyword and argument combination configured, the
local scheme is the backup scheme and is used only when the RADIUS server or
HWTACACS server is not available.
z If the primary authentication scheme is local or none, the system performs local
authentication or does not perform any authentication, rather than uses the RADIUS
or HWTACACS scheme.