Contents
1 AAA
1.1 AAA overview
1.1.1 Functions implemented by AAA
1.1.2 Basic AAA network structure
1.1.3 RADIUS protocol overview
1.1.4 HWTACACS protocol overview
1.1.5 LDAP protocol overview
1.1.6 Domain-based user management
1.1.7 Authentication, authorization, and accounting methods
1.1.8 Extended applications of AAA
1.1.9 AAA support for VPN multi-instance
1.1.10 AAA support for PPPoE proxy dial-up
1.1.11 Protocols and standards
1.2 AAA configuration task overview
1.3 Configuring local users
1.3.1 Local user overview
1.3.2 Local user configuration task overview
1.3.3 Configuring attributes of device-management local users
1.3.4 Configuring attributes of network-access local users
1.3.5 Configuring attributes of local guest users
1.3.6 Configuring user group attributes
1.3.7 Configuring local guest user management
1.3.8 Configuring user group alarms
1.3.9 Displaying and maintaining local users and local user groups
1.4 Configuring RADIUS
1.4.1 RADIUS configuration task overview
1.4.2 Configuring a RADIUS server probe template
1.4.3 Creating a RADIUS scheme
1.4.4 Configuring RADIUS authentication servers
1.4.5 Configuring RADIUS accounting servers
1.4.6 Configuring the shared key for RADIUS packets
1.4.7 Configuring the VPN to which a RADIUS scheme belongs
1.4.8 Configuring the status of RADIUS servers
1.4.9 Configuring RADIUS server timers
1.4.10 Configuring the source IP address of RADIUS packets
1.4.11 Configuring the username format and traffic statistics units sent to RADIUS servers
1.4.12 Configuring the maximum number of RADIUS packet transmission attempts
1.4.13 Configuring the maximum number of real-time accounting request attempts
1.4.14 Configuring the DSCP priority of RADIUS packets
1.4.15 Limiting the number of request packets sent to RADIUS servers
1.4.16 Configuring the NAS-IP address carried in RADIUS packets
1.4.17 Configuring the encapsulation format of RADIUS Attribute 5
1.4.18 Configuring the value of RADIUS Attribute 6
1.4.19 Configuring the check method for RADIUS Attribute 15
1.4.20 Configuring CAR parameter parsing for RADIUS Attribute 25
1.4.21 Configuring the MAC address format in RADIUS Attribute 31
1.4.22 Configuring RADIUS Attribute 85 to take precedence
1.4.23 Configuring the format of RADIUS Attribute 87
1.4.24 Configuring the traffic unit of the RADIUS Remanent_Volume attribute
1.4.25 Configuring the version of RADIUS servers with Vendor ID 2011
1.4.26 Configuring RADIUS attribute interpretation
1.4.27 Configuring the request action when all RADIUS servers are in the block state
1.4.28 Configuring RADIUS accounting packet caching
1.4.29 Configuring the device to forcibly send RADIUS stop-accounting packets when users go offline
1.4.30 Configuring RADIUS server load sharing
1.4.31 Configuring RADIUS accounting-on
1.4.32 Configuring RADIUS session control
1.4.33 Configuring the RADIUS DAE server feature
1.4.34 Configuring RADIUS authentication request prioritization
1.4.35 Configuring the remaining-traffic threshold for users
1.4.36 Configuring the device to accept usernames issued by RADIUS servers
1.4.37 Configuring offline-reason conversion for PPP users
1.4.38 Configuring RADIUS alarms
1.4.39 Displaying and maintaining RADIUS
1.5 Configuring HWTACACS
1.5.1 HWTACACS configuration task overview
1.5.2 Creating an HWTACACS scheme
1.5.3 Configuring HWTACACS authentication servers
1.5.4 Configuring HWTACACS authorization servers
1.5.5 Configuring HWTACACS accounting servers
1.5.6 Configuring the shared key for HWTACACS packets
1.5.7 Configuring the VPN to which an HWTACACS scheme belongs
1.5.8 Configuring HWTACACS server timers
1.5.9 Configuring the source address used for sending HWTACACS packets
1.5.10 Configuring the username format and traffic statistics units sent to HWTACACS servers
1.5.11 Configuring HWTACACS accounting packet caching
1.5.12 Changing user passwords stored on HWTACACS servers
1.5.13 Displaying and maintaining HWTACACS
1.6 Configuring LDAP
1.6.1 LDAP configuration task overview
1.6.2 Creating an LDAP server
1.6.3 Configuring the IP address of an LDAP server
1.6.4 Configuring the LDAP version
1.6.5 Configuring the connection timeout for an LDAP server
1.6.6 Configuring attributes of the user with administrator privileges
1.6.7 Configuring LDAP user attribute parameters
1.6.8 Configuring an LDAP attribute map
1.6.9 Creating an LDAP scheme
1.6.10 Specifying the LDAP authentication server
1.6.11 Specifying the LDAP authorization server
1.6.12 Referencing an LDAP attribute map
1.6.13 Displaying and maintaining LDAP
1.7 Creating ISP domains
1.7.1 ISP domain overview
1.7.2 Configuration restrictions and guidelines
1.7.3 Creating a non-default ISP domain
1.7.4 Configuring the system default ISP domain
1.7.5 Configuring the ISP domain for users with unknown domain names
1.8 Configuring ISP domain attributes
1.8.1 Configuring the status of an ISP domain
1.8.2 Configuring user authorization attributes of an ISP domain
1.8.3 Configuring authorization attributes that take effect after a user switches domains
1.8.4 Configuring user authorization attributes when the none authentication method is used
1.8.5 Configuring the maximum number of users allowed to access an ISP domain
1.8.6 Setting the device to retain the idle-cut time in the user online duration uploaded to the server
1.8.7 Setting the user address type of an ISP domain
1.8.8 Configuring RA message parameters sent to hosts
1.8.9 Setting the service type of an ISP domain
1.8.10 Setting the ITA service policy used by an ISP domain
1.8.11 Setting the EDSG service traffic rate-limiting mode
1.8.12 Configuring the redirect Web server for an ISP domain
1.8.13 Configuring the validity period of the Web redirect URL for PPP/IPoE users
1.8.14 Configuring the server IP address of the Web redirect page for PPP/IPoE users
1.8.15 Configuring temporary redirection
1.8.16 Configuring the IP address type that the primary service of PPPoE/L2TP users depends on
1.8.17 Configuring the maximum time PPPoE/L2TP users wait for IPv6 address/PD assignment
1.8.18 Configuring RADIUS server authorization of L2TP users
1.8.19 Configuring the device to forcibly assign interface IDs to PPP users
1.8.20 Configuring load-sharing user groups
1.8.21 Configuring the maximum number of users allowed to access with a single account
1.8.22 Enabling strict consistency checking of the VPN configuration on user access interfaces
1.8.23 Automatic user information backup
1.8.24 Configuring the handling policy after user authentication failure
1.9 Configuring AAA methods in an ISP domain
1.9.1 Configuring AAA authentication methods for an ISP domain
1.9.2 Configuring AAA authorization methods for an ISP domain
1.9.3 Configuring AAA accounting methods for an ISP domain
1.9.4 Displaying and maintaining ISP domains
1.10 Configuring the AAA user escape feature
1.11 Managing user authentication domains on interfaces
1.11.1 User authentication domain selection process
1.11.2 Configuring the default authentication domain on an interface
1.11.3 Configuring the roaming domain on an interface
1.11.4 Configuring ISP domains that users are allowed to access on an interface
1.11.5 Configuring ISP domains that users are denied access to on an interface
1.12 Limiting the maximum number of concurrent online user connections
1.13 Configuring users that share the same account as non-family users
1.14 Performing Netstream sampling for AAA users
1.15 Configuring local billing record caching
1.15.1 Feature overview
1.15.2 Configuring automatic upload of local billing records
1.15.3 Configuring manual upload of local billing records
1.15.4 Displaying and maintaining locally cached billing records
1.16 Configuring the NAS-ID
1.16.1 Applications of the NAS-ID
1.16.2 Configuring NAS-ID and VLAN bindings
1.16.3 Configuring the NAS-ID on an interface
1.16.4 Configuring the NAS-ID in ISP domain view
1.17 Configuring the user SSID on an interface
1.18 Configuring the device ID
1.19 Configuring periodic password-change reminder logging
1.20 Configuring user online/offline recording
1.20.1 Feature overview
1.20.2 Configuration restrictions and guidelines
1.20.3 Configuring user online-failure recording
1.20.4 Configuring user offline recording
1.20.5 Displaying and maintaining user online/offline records
1.21 Configuring AAA request testing
1.22 Configuring ISP domain alarms
1.23 Configuring AAA alarms
1.24 Configuring the RADIUS proxy
1.24.1 Feature overview
1.24.2 Configuration restrictions and guidelines
1.24.3 Configuration prerequisites
1.24.4 Configuration procedure
1.24.5 Displaying and maintaining the RADIUS proxy
1.25 Typical AAA configuration examples
1.25.1 RADIUS authentication and authorization for SSH users
1.25.2 Local authentication and authorization for SSH users
1.25.3 HWTACACS authentication, authorization, and accounting for SSH users
1.25.4 LDAP authentication for SSH users
1.25.5 HWTACACS authentication, authorization, and accounting for PPP users
1.25.6 RADIUS proxy configuration example
1.26 Troubleshooting common AAA faults
1.26.1 RADIUS authentication/authorization failure
1.26.2 RADIUS packet delivery failure
1.26.3 RADIUS accounting malfunction