274 CHAPTER 9: AAA AND RADIUS OPERATION
[SW8800-radius-radius1]timer realtime-accounting 15
10 Configure the system to transmit the user name to the RADIUS server after
removing the domain name.
[SW8800-radius-radius1]user-name-format without-domain
[SW8800-radius-radius1]quit
11 Create the user domain 3com163.net and enters isp configuration mode.
[SW8800]domain 3com163.net
12 Specify radius1 as the RADIUS server group for the users in the domain
3com163.net.
[SW8800-isp-3com163.net]radius-scheme radius1
13 Set a limit of 30 users to the domain 3com163.net.
[SW8800-isp-3com163.net]access-limit enable 30
14 Enable idle cut function for the user and set the idle cut parameter in the domain
3com163.net.
[SW8800-isp-3com163.net]idle-cut enable 50 5000
15 Add a local supplicant and sets its parameter.
[SW8800]local-user localuser
[SW8800-luser-localuser]attribute service-type lan-access
[SW8800-luser-localuser]password simple localpass
16 Enable the 802.1x globally.
[SW8800]dot1x
Configuring the AAA
and RADIUS Protocols
The Authentication, Authorization, and Accounting (AAA) protocol provides a
uniform framework for configuring these three security functions and implements
network security management.
The network security mentioned here refers to access control, including:
■ Which user can access the network server
■ Which service can the authorized user enjoy
■ How to keep accounts for the user who is using network resource
AAA provides the following services:
■ Authenticates whether the user can access the network server.
■ Authorizes the user with specified services.
■ Accounts for network resources that are consumed by the user.
Generally, by applying client/server architecture, AAA framework boasts the
following advantages:
■ Good scalability.
■ Ability to use standard authentication schemes.
■ Easy control, and convenient for centralized management of user information.
■ Ability to use multiple-level backup systems to enhance the security of the
whole framework.