Installation manual

ManualsBrandsQuidway ManualsComputer equipmentS3000-EI Series

221

222

223

224

225

226

227

228

229

230

Operation Manual - Security

Quidway S3000-EI Series Ethernet Switches

Chapter 2 AAA and RADIUS Protocol

Configuration

Huawei Technologies Proprietary

2-4

ssword formats, etc,

tting ISP domain. In

a complete set of

h includes AAA policy

P domain. Up to 16

rted its ISP domain

ISP. Because the attributes of ISP users, such as username and pa

may be different, it is necessary to differentiate them through se

Quidway Series Switches ISP domain view, you can configure

exclusive ISP domain attributes on a per-ISP domain basis, whic

( RADIUS scheme applied etc.)

For Quidway Series Switches, each supplicant belongs to an IS

domains can be configured in the system. If a user has not repo

name, the system will put it into the default domain.

Perform the following configurations in system view.

Table 2-1 Creating/Deleting ISP domain

Operation Command

Create ISP domain or enter the view of a

specified domain.

isp-name

domain

Remove a specified ISP domain

undo domain isp-name

Enable the default ISP d

isp-name

omain specified by

domain default enable isp-name

Restore the default ISP domain to “system”

domain default disable

By default, a domain named “system” has been created in the system. The attributes of

2.2.2 Con u ributes of ISP Domain

n include the adopted RADIUS scheme, state, and

scheme is used. The command shall be used

together with the commands of setting RADIUS server and server cluster. For

onfiguring RADIUS section of this chapter.

z Every ISP has active/block states. If an ISP domain is in active state, the users in it

z The idle cut function means: If the traffic from a certain connection is lower than

the defined traffic, cut off this connection.

“sy tem” are all default values.

fig ring Relevant Att

The relevant attributes of ISP domai

maximum number of supplicants . Where,

z The adopted RADIUS scheme is the one used by all the users in the ISP domain.

The RADIUS scheme can be used for RADIUS authentication or accounting. By

default, the default RADIUS

details, refer to the following C

can request for network service, while in block state, its users cannot request for

any network service, which will not affect the users already online. An ISP is in the

block state when it is created. No user in the domain is allowed to request for

network service.

z Maximum number of supplicants specifies how many supplicants can be

contained in the ISP. For any ISP domain, there is no limit to the number of

supplicants by default.