Operation Manual – AAAH3C S5600 Series Ethernet Switches Table of ContentsiTable of ContentsChapter 1 AAA Overview .............................................................................................................. 1-11.1 Introduction to AAA ............................................................................................................ 1-11.1.1 Authentication.......................................................................................................... 1-11.1.2 Authorization ........................................................................................................... 1-21.1.3 Accounting............................................................................................................... 1-21.1.4 Introduction to ISP Domain ..................................................................................... 1-21.2 Introduction to AAA Services ............................................................................................. 1-31.2.1 Introduction to RADIUS........................................................................................... 1-31.2.2 Introduction to HWTACACS.................................................................................... 1-8Chapter 2 AAA Configuration ...................................................................................................... 2-12.1 AAA Configuration Task List.............................................................................................. 2-12.1.1 Creating an ISP Domain and Configuring Its Attributes.......................................... 2-22.1.2 Configuring an AAA Scheme for an ISP Domain.................................................... 2-42.1.3 Configuring Dynamic VLAN Assignment ................................................................ 2-72.1.4 Configuring the Attributes of a Local User .............................................................. 2-82.1.5 Cutting Down User Connections Forcibly ............................................................. 2-102.2 RADIUS Configuration Task List ..................................................................................... 2-112.2.1 Creating a RADIUS Scheme................................................................................. 2-132.2.2 Configuring RADIUS Authentication/Authorization Servers.................................. 2-132.2.3 Configuring RADIUS Accounting Servers............................................................. 2-142.2.4 Configuring Shared Keys for RADIUS Messages................................................. 2-162.2.5 Configuring the Maximum Number of RADIUS Request Transmission Attempts 2-172.2.6 Configuring the Type of RADIUS Servers to be Supported.................................. 2-172.2.7 Configuring the Status of RADIUS Servers .......................................................... 2-182.2.8 Configuring the Attributes of Data to be Sent to RADIUS Servers ....................... 2-192.2.9 Configuring the Local RADIUS Server .................................................................. 2-212.2.10 Configuring Timers for RADIUS Servers ............................................................ 2-222.2.11 Enabling Sending Trap Message when a RADIUS Server Goes Down ............. 2-232.2.12 Enabling the User Re-Authentication at Restart Function .................................. 2-242.3 HWTACACS Configuration Task List .............................................................................. 2-262.3.1 Creating a HWTACACS Scheme.......................................................................... 2-262.3.2 Configuring TACACS Authentication Servers....................................................... 2-272.3.3 Configuring TACACS Authorization Servers......................................................... 2-272.3.4 Configuring TACACS Accounting Servers............................................................ 2-282.3.5 Configuring Shared Keys for HWTACACS Messages.......................................... 2-292.3.6 Configuring the Attributes of Data to be Sent to TACACS Servers ...................... 2-302.3.7 Configuring the Timers Regarding TACACS Servers ........................................... 2-30