1-2z None accounting: No accounting is performed for users.z Remote accounting: User accounting is performed on a remote RADIUS or TACACS server.Introduction to ISP DomainAn Internet service provider (ISP) domain is a group of users who belong to the same ISP. For ausername in the format of userid@isp-name or userid.isp-name, the isp-name following the "@" or “.”character is the ISP domain name. The access device uses userid as the username for authentication,and isp-name as the domain name.In a multi-ISP environment, the users connected to the same access device may belong to differentdomains. Since the users of different ISPs may have different attributes (such as different forms ofusername and password, different service types/access rights), it is necessary to distinguish the usersby setting ISP domains.You can configure a set of ISP domain attributes (including AAA policy, RADIUS scheme, and so on) foreach ISP domain independently in ISP domain view.Introduction to AAA ServicesIntroduction to RADIUSAAA is a management framework. It can be implemented by not only one protocol. But in practice, themost commonly used service for AAA is RADIUS.What is RADIUSRemote Authentication Dial-in User Service (RADIUS) is a distributed service based on client/serverstructure. It can prevent unauthorized access to your network and is commonly used in networkenvironments where both high security and remote user access service are required.The RADIUS service involves three components:z Protocol: Based on the UDP/IP layer, RFC 2865 and 2866 define the message format andmessage transfer mechanism of RADIUS, and define 1812 as the authentication port and 1813 asthe accounting port.z Server: RADIUS Server runs on a computer or workstation at the center. It stores and maintainsuser authentication information and network service access information.z Client: RADIUS Client runs on network access servers throughout the network.RADIUS operates in the client/server model.z A switch acting as a RADIUS client passes user information to a specified RADIUS server, andtakes appropriate action (such as establishing/terminating user connection) depending on theresponses returned from the server.z The RADIUS server receives user connection requests, authenticates users, and returns allrequired information to the switch.Generally, a RADIUS server maintains the following three databases (see Figure 1-1):z Users: This database stores information about users (such as username, password, protocoladopted and IP address).z Clients: This database stores information about RADIUS clients (such as shared key).z Dictionary: The information stored in this database is used to interpret the attributes and attributevalues in the RADIUS protocol.