To do…

 

Use the command…

 

Remarks

 

 

 

 

 

Optional

 

Set the accounting-optional

 

accounting optional

 

By default, the

 

switch

 

 

accounting-optional switch is

 

 

 

 

 

 

 

 

 

off.

 

 

 

 

 

 

 

 

 

messenger time { enable limit

 

Optional

 

Set the messenger function

 

 

By default, the messenger

 

 

interval disable }

 

 

 

 

 

function is disabled.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Optional

 

Set the self-service server

 

self-service-url { disable

 

By default, the self-service

 

location function

 

enable url-string }

 

server location function is

 

 

 

 

 

disabled.

Note that:

 

 

 

 

z

z

z

z

z

On a unified device, each access user belongs to an ISP domain. You can configure up to 16 ISP domains on the device. When a user logs in, if no ISP domain name is carried in the user name, the device assumes that the user belongs to the default ISP domain.

If you have configured to use "." as the delimiter, for a user name that contains multiple ".", the first "." will be used as the domain delimiter.

If you have configured to use "@" as the delimiter, the "@" must not appear more than once in the user name.

If the system does not find any available accounting server or fails to communicate with any accounting server when it performs accounting for a user, it does not disconnect the user as long as the accounting optional command has been executed, though it cannot perform accounting for the user in this case.

The self-service server location function needs the cooperation of a RADIUS server that supports self-service, such as comprehensive access management server (iMC). Through self-service, users can manage and control their account or card numbers by themselves. A server installed with self-service software is called a self-service server.

iMC Server is a service management system used to manage networks and ensure network and user information security. With the cooperation of other networking devices in a network, a iMC server can implement the AAA functions and right management.

Configuring an AAA Scheme for an ISP Domain

You can configure either of the following AAA schemes:

Configuring a combined AAA scheme

You can use the scheme command to specify an AAA scheme for an ISP domain. If you specify a RADIUS or HWTACACS scheme, the authentication, authorization and accounting will be uniformly implemented by the RADIUS or TACACS server(s) specified in the RADIUS or HWTACACS scheme. In

2-3

Page 262
Image 262
3Com WX3000 Configuring an AAA Scheme for an ISP Domain, Configuring a combined AAA scheme, Accounting optional