1-12Task RemarksSpecifying the HWTACACS Authentication Servers RequiredSpecifying the HWTACACS Authorization Servers OptionalSpecifying the HWTACACS Accounting Servers OptionalSetting the Shared Key for HWTACACS Packets RequiredConfiguring Attributes Related to the Data Sent to HWTACACSServer OptionalSetting Timers Regarding HWTACACS Servers OptionalDisplaying and Maintaining HWTACACS OptionalConfiguring AAABy configuring AAA, you can provide network access service for legal users, protect the networkingdevices, and avoid unauthorized access and repudiation. In addition, you can configure ISP domains toperform AAA on accessing users.In AAA, users are divided into login users (such as SSH, Telnet, FTP, and terminal access users) andcommand line users (that is, command line authentication users). Except for command line users, youcan configure separate authentication/authorization/accounting policies for all the other types of users.Command line users can be configured with authorization policy independently.Configuration PrerequisitesFor remote authentication, authorization, or accounting, you must create the RADIUS or HWTACACSscheme first. For RADIUS scheme configuration, refer to Configuring RADIUS. For HWTACACSscheme configuration, refer to Configuring HWTACACS.Creating an ISP DomainAn Internet service provider (ISP) domain represents a group of users belonging to it. For a username inthe userid@isp-name format, the access device considers the userid part the username forauthentication and the isp-name part the ISP domain name.In a networking scenario with multiple ISPs, an access device may connect users of different ISPs. Asusers of different ISPs may have different user attributes (such as username and password structure,service type, and rights), you need to configure ISP domains to distinguish the users. In addition, youneed to configure different attribute sets including AAA methods for the ISP domains.For the NAS, each user belongs to an ISP domain. Up to 16 ISP domains can be configured on a NAS.If a user does not provide the ISP domain name, the system considers that the user belongs to thedefault ISP domain.Follow these steps to create an ISP domain:To do… Use the command… RemarksEnter system view system-view —Create an ISP domain andenter ISP domain view domain isp-name Required