Table of Contents

1AAA Overview············································································································································1-1Introduction to AAA ·································································································································1-1Authentication··································································································································1-1Authorization····································································································································1-1Accounting·······································································································································1-2 Introduction to ISP Domain ·············································································································1-2 Introduction to AAA Services ··················································································································1-2 Introduction to RADIUS ···················································································································1-2 Introduction to HWTACACS ············································································································1-6

2AAA Configuration ····································································································································2-1AAA Configuration Task List ···················································································································2-1 Configuration Introduction ···············································································································2-1 Creating an ISP Domain and Configuring Its Attributes··································································2-2

Configuring an AAA Scheme for an ISP Domain ············································································2-3 Configuring Dynamic VLAN Assignment·························································································2-5 Configuring the Attributes of a Local User·······················································································2-6 Cutting Down User Connections Forcibly························································································2-8 RADIUS Configuration Task List·············································································································2-8 Creating a RADIUS Scheme ·········································································································2-10 Configuring RADIUS Authentication/Authorization Servers··························································2-10 Configuring RADIUS Accounting Servers ·····················································································2-11 Configuring Shared Keys for RADIUS Messages ·········································································2-12 Configuring the Maximum Number of RADIUS Request Transmission Attempts·························2-13 Configuring the Type of RADIUS Servers to be Supported ··························································2-13 Configuring the Status of RADIUS Servers···················································································2-14 Configuring the Attributes of Data to be Sent to RADIUS Servers ···············································2-15 Configuring the Local RADIUS Authentication Server Function ···················································2-16 Configuring Timers for RADIUS Servers·······················································································2-17 Enabling Sending Trap Message when a RADIUS Server Goes Down ·······································2-18 Enabling the User Re-Authentication at Restart Function·····························································2-18 HWTACACS Configuration Task List····································································································2-19 Creating a HWTACACS Scheme ··································································································2-20 Configuring TACACS Authentication Servers ···············································································2-20 Configuring TACACS Authorization Servers·················································································2-21 Configuring TACACS Accounting Servers ····················································································2-22 Configuring Shared Keys for HWTACACS Messages··································································2-22 Configuring the Attributes of Data to be Sent to TACACS Servers ··············································2-23 Configuring the Timers Regarding TACACS Servers ···································································2-24 Displaying and Maintaining AAA···········································································································2-25

AAAConfiguration Examples················································································································2-26 Remote RADIUS Authentication of Telnet/SSH Users ·································································2-26 Local Authentication of FTP/Telnet Users·····················································································2-28 HWTACACS Authentication and Authorization of Telnet Users ···················································2-29

i

Page 249
Image 249
3Com WX3000 operation manual Table of Contents