Domain: NAS user management is based on ISP (Internet Service Provider) domain, and each user belongs to an ISP domain. In general, the ISP domain to which the user belongs is determined by the user name provided when the user logs in. There is a system domain by default. Under the domain, you can configure the authentication, authorization, and accounting method of each access user.
The solution of the domain-based user and AAA management is described as follows:
The management of NAS devices for users is based on the ISP domain. Generally, the ISP domain to which the user belongs is determined by the user name provided when the user logs in.
"Input User Name "= "User Name Understood by Device"+ "Domain Name"
When authenticating users, devices determine their domains in the following order, and then execute AAA policies in the domains:
- (Optional) Log into/access the module to configure the designated authentication domain;
- ISP domain specified in user name;
- The default ISP domain of the system
Configuration Condition
None
Configure the ISP Domain
Table 11-2 Configure the AAA domain
|
Step
|
Command
|
Description
|
|
Enter the global configuration mode
|
configure terminal
|
-
|
|
Enter the ISP domain view
|
domain isp-name
|
Optional
By default, the system has one ISP domain named system.
|
|
Return to the global configuration mode
|
exit
|
-
|
|
Configure the default ISP domain
|
domain default enable isp-name
|
Optional
By default, the default ISP domain of the system is the system domain.
|
Switch
.png){kind=icon}
.png){kind=logo}
