Installation manual
Operation Manual - Security
Quidway S3000-EI Series Ethernet Switches
Chapter 2 AAA and RADIUS Protocol
Configuration
Huawei Technologies Proprietary
2-3
Internet
S3000-EI series
PC user1
PC user2
PC user3
PC user4
S3000-EI series
S2000-SI series
S2000-SI series
ISP1
ISP2
Internet
Authentication
Server
Accounting
Server
Server1
Accounting
Server2
Authentication
Server
Accounting
InternetInternet
PC user1
PC user2
PC user3
PC user4
ISP1
ISP2
Internet
Authentication
Server
Accounting
Server
Server1
Accounting
Server2
Authentication
Server
Accounting
Figure 2-1 Networking when S3000-EI Series Ethernet Switches applying RADIUS
authentication
2.2 AAA Configuration
z Configuring Dynamic VLAN with RADIUS Server
ain is compulsory, otherwise
the supplicant attributes cannot be distinguished. The other tasks are optional. You can
2.2.1 Crea
ain is a
group of users belonging to the same ISP. Generally, for a username in the
userid@isp-name format, taking gw20010608@huawei163.net as an example, the
isp-name (i.e. huawei163.net) following the @ is the ISP domain name. When Quidway
Series Switches control user access, as for an ISP user whose username is in
userid@isp-name format, the system will take userid part as username for identification
and take isp-name part as domain name.
The purpose of introducing ISP domain settings is to support the multi-ISP application
environment. In such environment, one access device might access users of different
AAA configuration includes:
z Creating/Deleting ISP Domain
z Configuring Relevant Attributes of ISP Domain
z Enabling/Disabling the Messenger Alert
z Configuring Self-Service Server URL
z Creating a local user
z Setting attributes of local user
z Disconnecting a user by force
Among the above configuration tasks, creating ISP dom
configure them at requirements.
ting/Deleting ISP Domain
What is Internet Service Provider (ISP) domain? To make it simple, ISP dom