3Com 3.01.01 Switch User Manual


 
274 CHAPTER 9: AAA AND RADIUS OPERATION
[SW8800-radius-radius1]timer realtime-accounting 15
10 Configure the system to transmit the user name to the RADIUS server after
removing the domain name.
[SW8800-radius-radius1]user-name-format without-domain
[SW8800-radius-radius1]quit
11 Create the user domain 3com163.net and enters isp configuration mode.
[SW8800]domain 3com163.net
12 Specify radius1 as the RADIUS server group for the users in the domain
3com163.net.
[SW8800-isp-3com163.net]radius-scheme radius1
13 Set a limit of 30 users to the domain 3com163.net.
[SW8800-isp-3com163.net]access-limit enable 30
14 Enable idle cut function for the user and set the idle cut parameter in the domain
3com163.net.
[SW8800-isp-3com163.net]idle-cut enable 50 5000
15 Add a local supplicant and sets its parameter.
[SW8800]local-user localuser
[SW8800-luser-localuser]attribute service-type lan-access
[SW8800-luser-localuser]password simple localpass
16 Enable the 802.1x globally.
[SW8800]dot1x
Configuring the AAA
and RADIUS Protocols
The Authentication, Authorization, and Accounting (AAA) protocol provides a
uniform framework for configuring these three security functions and implements
network security management.
The network security mentioned here refers to access control, including:
Which user can access the network server
Which service can the authorized user enjoy
How to keep accounts for the user who is using network resource
AAA provides the following services:
Authenticates whether the user can access the network server.
Authorizes the user with specified services.
Accounts for network resources that are consumed by the user.
Generally, by applying client/server architecture, AAA framework boasts the
following advantages:
Good scalability.
Ability to use standard authentication schemes.
Easy control, and convenient for centralized management of user information.
Ability to use multiple-level backup systems to enhance the security of the
whole framework.