iTable of Contents1 AAA Overview ············································································································································1-1Introduction to AAA ·································································································································1-1Authentication··································································································································1-1Authorization····································································································································1-1Accounting·······································································································································1-2Introduction to ISP Domain ·············································································································1-2Introduction to AAA Services ··················································································································1-3Introduction to RADIUS ···················································································································1-3Introduction to HWTACACS ············································································································1-72 AAA Configuration ····································································································································2-1AAA Configuration Task List ···················································································································2-1Configuration introduction ···············································································································2-1Creating an ISP Domain and Configuring Its Attributes ··································································2-2Configuring an AAA Scheme for an ISP Domain ············································································2-3Configuring Dynamic VLAN Assignment·························································································2-8Configuring the Attributes of a Local User·······················································································2-9Cutting Down User Connections Forcibly······················································································2-10RADIUS Configuration Task List···········································································································2-11Creating a RADIUS Scheme ·········································································································2-12Configuring RADIUS Authentication/Authorization Servers ··························································2-13Configuring Ignorance of Assigned RADIUS Authorization Attributes ··········································2-14Configuring the Sending Mode of Accounting Start Requests ······················································2-15Configuring RADIUS Accounting Servers ·····················································································2-16Configuring Shared Keys for RADIUS Messages ·········································································2-17Configuring the Maximum Number of RADIUS Request Transmission Attempts ············2-18Configuring the Type of RADIUS Servers to be Supported ··························································2-18Configuring the Status of RADIUS Servers···················································································2-19Configuring the Attributes of Data to be Sent to RADIUS Servers ···············································2-20Configuring the Local RADIUS Authentication Server Function ···················································2-21Configuring Timers for RADIUS Servers·······················································································2-22Enabling Sending Trap Message when a RADIUS Server Goes Down ·······································2-23Enabling the User Re-Authentication at Restart Function·····························································2-23HWTACACS Configuration Task List····································································································2-25Creating an HWTACACS Scheme ································································································2-25Configuring TACACS Authentication Servers ···············································································2-25Configuring TACACS Authorization Servers ·················································································2-26Configuring TACACS Accounting Servers ····················································································2-27Configuring Shared Keys for HWTACACS Messages ··································································2-27Configuring the Attributes of Data to be Sent to TACACS Servers ··············································2-28Configuring the Timers Regarding TACACS Servers ···································································2-29Displaying and Maintaining AAA···········································································································2-29AAA Configuration Examples················································································································2-31