Operation Manual – AAAH3C S3100-52P Ethernet switch Chapter 2 AAA Configuration2-6To do… Use the command… RemarksEnter system view system-view —Create an ISP domainand enter its view, or enterthe view of an existing ISPdomaindomain isp-name RequiredConfigure anauthentication scheme forthe ISP domainauthentication{ radius-schemeradius-scheme-name[ local ] |hwtacacs-schemehwtacacs-scheme-name[ local ] | local | none }OptionalBy default, no separateauthentication scheme isconfigured.Configure a HWTACACSauthentication scheme foruser level switchingauthentication superhwtacacs-schemehwtacacs-scheme-nameOptionalBy default, noHWTACACSauthentication scheme isconfigured.Configure anauthorization scheme forthe ISP domainauthorization { none |hwtacacs-schemehwtacacs-scheme-name }OptionalBy default, no separateauthorization scheme isconfigured.Configure an accountingscheme for the ISPdomainaccounting { none |radius-schemeradius-scheme-name |hwtacacs-schemehwtacacs-scheme-name }OptionalBy default, no separateaccounting scheme isconfigured.Note:z RADIUS scheme and local scheme do not support the separation of authenticationand authorization. Therefore, pay attention when you make authentication andauthorization configuration for a domain: When the scheme radius-scheme orscheme local command is executed and the authentication command is notexecuted, the authorization information returned from the RADIUS or local schemestill takes effect even if the authorization none command is executed.z The S3100-52P Ethernet switch adopt hierarchical protection for command lines soas to inhibit users at lower levels from using higher level commands to configure theswitches. For details about configuring a HWTACACS authentication scheme forlow-to-high user level switching, refer to Switching User Level in the Command LineInterface Operation.
