A RADIUS server generally uses the proxy function of devices, such as an access
server, to perform user authentication. The operation process is as follows:
1. Send the client username and encrypted password to the RADIUS server.
2. The user receives one of the following response messages:
ACCEPT: Indicates that the user has passed the authentication.
REJECT: Indicates that the user has not passed the authentication and needs to
input the username and password again; otherwise, access is rejected.
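The two steps above, as an added example that is not part of the 3Com manual: how a RADIUS client hides the password under RFC 2865 and verifies the Response Authenticator before acting on ACCEPT or REJECT. The function names are hypothetical, and the shared secret, password and request authenticator are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2  # RFC 2865 attribute types

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to 16-byte blocks, XOR each with an MD5 keystream."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1 to 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        hidden += prev  # each hidden block keys the next one
    return hidden

def build_access_request(ident, user, password, secret, request_auth):
    """Step 1 (NAS side): Access-Request with User-Name and hidden User-Password."""
    pairs = ((USER_NAME, user), (USER_PASSWORD, hide_password(password, secret, request_auth)))
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in pairs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def build_reply(code: int, ident: int, request_auth: bytes, secret: bytes) -> bytes:
    """Server side: attribute-less reply carrying the Response Authenticator."""
    header = struct.pack("!BBH", code, ident, 20)
    return header + hashlib.md5(header + request_auth + secret).digest()

def check_reply(reply: bytes, ident: int, request_auth: bytes, secret: bytes) -> str:
    """Step 2 (NAS side): verify the reply before trusting ACCEPT or REJECT."""
    if len(reply) < 20:
        raise ValueError("reply shorter than a RADIUS header")
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if rid != ident or not 20 <= length <= len(reply):
        raise ValueError("identifier mismatch or bad length")
    body = reply[:length]
    expected = hashlib.md5(body[:4] + request_auth + body[20:] + secret).digest()
    if not hmac.compare_digest(expected, body[4:20]):
        raise ValueError("Response Authenticator mismatch")
    return {ACCESS_ACCEPT: "ACCEPT", ACCESS_REJECT: "REJECT"}.get(code, "UNEXPECTED")

if __name__ == "__main__":  # constructed values; a real NAS uses a random authenticator
    ra, secret = bytes(range(16)), b"constructed-secret"
    print(build_access_request(7, b"gw20010608@3com163.net", b"pass", secret, ra).hex())
    print(check_reply(build_reply(ACCESS_ACCEPT, 7, ra, secret), 7, ra, secret))
```

A reply built with a different shared secret fails the authenticator check, so a forged ACCEPT is discarded rather than honored.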
Implementing AAA/RADIUS on Ethernet Switch
As described above, the Switch 7750, serving as the user access device, or NAS, is
the RADIUS client. Figure 57 illustrates the RADIUS authentication network.
Figure 57 Networking with Switch 7750 Applying RADIUS Authentication
Configuring AAA
AAA configuration includes tasks that are described in the following sections:
Creating/Deleting an ISP Domain
Configuring Relevant Attributes of an ISP Domain
Creating a Local User
Setting Attributes of a Local User
Disconnecting a User by Force
Among the above configuration tasks, creating an ISP domain is required;
otherwise, the supplicant attributes cannot be distinguished. The other tasks are
optional. You can configure them as required.
Creating/Deleting an ISP Domain
An ISP domain is a group of users belonging to the same ISP. Taking
gw20010608@3com163.net as an example in the userid@isp-name format, the
isp-name (i.e. 3com163.net) following the @ is the ISP domain name. When the
Switch 7750 controls user access, as for an ISP user whose username is in
[Figure 57 labels: PC user1, PC user2, PC user3, PC user4; Switch 7700 (four); Internet; ISP1; ISP2; Authentication server; Accounting server1]