3Com Switch 8800 Advanced Software V5 Configuration Guide

Configuring AAA
do not perform any authentication configuration, the system-default ISP domain
uses the local authentication scheme.
Before configuring an authentication scheme, complete these three tasks:
- For RADIUS or HWTACACS authentication, configure the RADIUS or
  HWTACACS scheme to be referenced first. The local and none authentication
  modes do not require any scheme.
- Determine the access mode or service type to be configured. With AAA, you
  can configure an authentication scheme specifically for each access mode and
  service type, limiting the authentication protocols that can be used for access.
- Determine whether to configure an authentication scheme for all access modes
  or service types.
Follow these steps to configure an AAA authentication scheme for an ISP domain:

To do...                          Use the command...                            Remarks

Enter system view                 system-view                                   -

Create an ISP domain or enter     domain isp-name                               Required
ISP domain view

Specify an authentication         authentication default { hwtacacs-scheme      Optional
scheme for all types of users     hwtacacs-scheme-name [ local ] | local |      local by default
                                  none | radius-scheme radius-scheme-name
                                  [ local ] }

Specify the authentication        authentication lan-access { local | none |    Optional
scheme for LAN access users       radius-scheme radius-scheme-name [ local ] }

Specify the authentication        authentication login { hwtacacs-scheme        Optional
scheme for login users            hwtacacs-scheme-name [ local ] | local |
                                  none | radius-scheme radius-scheme-name
                                  [ local ] }

Specify the authentication        authentication ppp { hwtacacs-scheme          Optional
scheme for PPP users              hwtacacs-scheme-name [ local ] | local |
                                  none | radius-scheme radius-scheme-name
                                  [ local ] }

Note:
- The authentication scheme specified with the authentication default
  command is for all types of users and has a priority lower than that for a
  specific access mode.
- With a RADIUS authentication scheme configured, AAA accepts only the
  authentication result from the RADIUS server. The response from the RADIUS
  server does include the authorization information when the authentication is
  successful, but the authentication process ignores the information.
- With the radius-scheme radius-scheme-name local or hwtacacs-scheme
  hwtacacs-scheme-name local keyword and argument combination configured,
  the local scheme is the backup scheme when the RADIUS server or HWTACACS
  server does not respond normally. That is, when the RADIUS server or
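
The precedence and backup rules in this section can be checked offline against a saved configuration. The following Python script is an added example, not part of the 3Com guide: it resolves the effective authentication scheme per ISP domain and access mode and flags none and missing local backup. The domain names, scheme names and the indented layout of the sample are constructed assumptions.

```python
import re

ACCESS_MODES = ("lan-access", "login", "ppp")  # access modes in the table

# Constructed sample. Assumed layout: a "domain <name>" line followed by
# indented commands, as in a saved configuration file.
SAMPLE_CONFIG = """\
domain corp
 authentication default radius-scheme rs1 local
 authentication login none
domain guest
 authentication lan-access radius-scheme rs2
domain lab
"""

def parse_domains(text):
    """Return {domain: {mode: [scheme tokens]}} from authentication lines."""
    domains, current = {}, None
    for line in text.splitlines():
        if not line[:1].isspace():  # unindented line starts a new section
            m = re.match(r"domain\s+(\S+)\s*$", line)
            current = domains.setdefault(m.group(1), {}) if m else None
            continue
        m = re.match(r"\s+authentication\s+(\S+)\s+(.+?)\s*$", line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).split()
    return domains

def effective_scheme(cfg, mode):
    """Mode-specific scheme wins, then 'default', then the built-in local."""
    return cfg.get(mode) or cfg.get("default") or ["local"]

def audit(text):
    """Return sorted (domain, mode, scheme, finding) rows for review."""
    rows = []
    for name, cfg in parse_domains(text).items():
        for mode in ACCESS_MODES:
            scheme = effective_scheme(cfg, mode)
            if scheme[0] == "none":
                finding = "no authentication"
            elif scheme[0] in ("radius-scheme", "hwtacacs-scheme"):
                backup = scheme[2:] == ["local"]
                finding = "local backup" if backup else "no local backup"
            else:
                finding = "local only"
            rows.append((name, mode, " ".join(scheme), finding))
    return sorted(rows)

if __name__ == "__main__":
    for row in audit(SAMPLE_CONFIG):
        print("%-6s %-10s %-24s %s" % row)
```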