AAAcan be implemented through multiple protocols. The switch supports using RADIUS, which is the most commonly used protocol in practice. For more information, see the chapter “RADIUS configuration.”
On a NAS, each user belongs to one Internet service provider (ISP) domain. A NAS determines the ISP domain a user belongs to by the username entered by the user at login, and controls access of the user based on the AAA methods configured for the domain. If no specific AAA methods are configured for the domain, the default methods are used. See a.
a.Determine the ISP domain of a user by the username
Configuring AAAConfiguration prerequisites
To implement local user authentication, authorization, and accounting, you must create local users and configure user attributes on the switch. See the chapter “User configuration”.
To implement remote authentication, authorization, or accounting, you must create the RADIUS schemes to be referenced. For RADIUS scheme configuration information, see the chapter “RADIUS configuration”.
Configuration task list
Task | Remarks | |
| Optional | |
Configuring an ISP domain | Create ISP domains and specify one of them as the default ISP domain. | |
By default, there is a system predefined ISP domain named system, which is the | ||
| ||
| default ISP domain. | |
|
|
352