218CHAPTER 9: AAA AND RADIUS OPERATION

userid@isp-name format, the system will take userid part as username for identification and take isp-name part as domain name.

The purpose of introducing ISP domain settings is to support the multi-ISP application environment. In such an environment, one access device might access users of different ISPs. Because the attributes of ISP users, such as username support and password formats, etc., are usually different, it is necessary to group them by setting ISP domain. In the Switch 7750 ISP domain view, you can configure a complete set of exclusive ISP domain attributes on a per-ISP domain basis, which includes AAA policy (RADIUS server group applied etc.)

For the Switch 7750, each supplicant belongs to an ISP domain. Up to 16 domains can be configured in the system. If a user has not reported its ISP domain name, the system will put it into the default domain.

Perform the following configurations in system view.

Table 229 Create/Delete ISP Domain

Operation

Command

 

 

Create ISP domain or enter the view of a

domain [ isp-name default {

specified domain.

disable enable isp-name } ]

Remove a specified ISP domain

undo domain isp-name

 

 

By default, the domain name system is already created. The attributes of system are all default values.

Configuring Relevant Attributes of an ISP Domain

The relevant attributes of an ISP domain include the adopted RADIUS server group, state, and maximum number of supplicants. Note the following:

The adopted RADIUS server group is the one used by all the users in the ISP domain. The RADIUS server group can be used for RADIUS authentication or accounting. By default, the default RADIUS server group is used. For details, refer to “Configuring the RADIUS Protocol ”.

Every ISP has active/block states. If an ISP domain is in active state, the users can request for network service, while in block state, users cannot request any network service. An ISP is in the block state when it is created.

Maximum number of supplicants specifies how many supplicants can be contained in the ISP. By default, for any ISP domain, there is no limit to the number of supplicants.

The idle cut function means that if the traffic from a certain connection is lower than the defined traffic, cut off the connection.

Perform the following configurations in ISP domain view.

Table 230 Configure Relevant Attributes of ISP Domain

Operation

Command

 

 

Specify the adopted RADIUS server group

radius-schemeradius-scheme-name

Specify the ISP domain state to be used

state { active block }

Set a limit to the amount of supplicants

access-limit { disable enable

 

max-user-number }

Page 218
Image 218
3Com 10014298 manual Configuring Relevant Attributes of an ISP Domain, Create/Delete ISP Domain