Domain-based user management

A NAS manages users based on Internet service provider (ISP) domains. On a NAS, each user belongs to one ISP domain. A NAS determines the ISP domain a user belongs to by the username entered by the user at login, as shown in Figure 7.

Figure 7: Determining the ISP domain of a user by the username

The authentication, authorization, and accounting of a user depends on the AAA methods configured for the domain to which the user belongs. If no specific AAA methods are configured for the domain, the default methods are used. By default, a domain uses local authentication, local authorization, and local accounting.

AAA allows you to manage users based on their access types:

In addition, AAA provides the following services for login users to enhance switch security:

You can configure different authentication, authorization, and accounting methods for different types of users in a domain. See "Configuring AAA methods for ISP domains."