iContentsConfiguring AAA ··············································································1About AAA ······························································································································· 1AAA implementation ············································································································ 1AAA network diagram ··········································································································· 1RADIUS ···························································································································· 2HWTACACS ······················································································································ 5LDAP ································································································································ 8User management based on ISP domains and user access types ··············································· 11Authentication, authorization, and accounting methods······························································ 11AAA for MPLS L3VPNs ······································································································ 13Protocols and standards ····································································································· 13AAA tasks at a glance ··············································································································· 14Configuring local users ·············································································································· 15About local users··············································································································· 15Local user configuration tasks at a glance··············································································· 16Configuring attributes for device management users ································································· 16Configuring attributes for network access users ······································································· 17Configuring local guest attributes ·························································································· 18Configuring user group attributes ·························································································· 19Managing local guests ········································································································ 21Display and maintenance commands for local users and local user groups ···································· 22Configuring RADIUS ················································································································· 23RADIUS tasks at a glance ··································································································· 23Configuring a test profile for RADIUS server status detection ······················································ 23Creating a RADIUS scheme ································································································ 24Specifying the RADIUS authentication servers········································································· 24Specifying the RADIUS accounting servers ············································································· 25Specifying the shared keys for secure RADIUS communication ··················································· 26Specifying an MPLS L3VPN instance for the scheme ································································ 26Setting the username format and traffic statistics units ······························································ 27Setting the maximum number of RADIUS request transmission attempts ······································ 27Setting the maximum number of real-time accounting attempts ··················································· 28Configuring RADIUS stop-accounting packet buffering ······························································ 28Setting the maximum number of pending RADIUS requests ······················································· 29Setting the status of RADIUS servers ···················································································· 29Enabling the RADIUS server load sharing feature ···································································· 31Specifying the source IP address for outgoing RADIUS packets ·················································· 32Setting RADIUS timers ······································································································· 33Configuring the RADIUS accounting-on feature ······································································· 34Interpreting the RADIUS class attribute as CAR parameters ······················································· 34Configuring the Login-Service attribute check method for SSH, FTP, and terminal users ·················· 35Configuring the MAC address format for RADIUS attribute 31 ····················································· 35Configuring the format for RADIUS attribute 87 ········································································ 36Setting the data measurement unit for the Remanent_Volume attribute········································· 36Specifying a server version for interoperating with servers with a vendor ID of 2011 ························ 37Configuring the RADIUS attribute translation feature ································································· 37Configuring the RADIUS session-control feature ······································································ 39Configuring the RADIUS DAS feature ···················································································· 39Changing the DSCP priority for RADIUS packets ····································································· 40Configuring the device to preferentially process RADIUS authentication requests ··························· 40Enabling SNMP notifications for RADIUS ··············································································· 41Display and maintenance commands for RADIUS ···································································· 41Configuring HWTACACS ··········································································································· 42HWTACACS tasks at a glance ····························································································· 42Creating an HWTACACS scheme ························································································· 42Specifying the HWTACACS authentication servers ··································································· 42Specifying the HWTACACS authorization servers ···································································· 43