Creating an ISP domain
In a networking scenario with multiple ISPs, the device can connect users of different ISPs. Different ISP users may have different user attributes (username and password structures), different service types, and different rights. To manage users of different ISPs, configure ISP domains and their AAA methods and domain attributes.
The device can accommodate up to 16 ISP domains, including the system-predefined ISP domain system. You can specify one ISP domain as the default domain.
On the device, each user belongs to an ISP domain. If a user provides no ISP domain name at login, the device considers that the user belongs to the default ISP domain.
The device chooses an authentication domain for each user in the following order:
Authentication domain specified for the access module
ISP domain in the username
The default ISP domain of the device
ISP domain specified for users with unknown domain names
If all domains are unavailable, user authentication fails.
Support for the authentication domain configuration depends on the access module. You can specify an authentication domain for 802.1X, portal, or MAC address authentication.
To create an ISP domain:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create an ISP domain and enter ISP domain view. | domain isp-name | N/A |
3. Return to system view. | quit | N/A |
4. Specify the default ISP domain. | domain default enable isp-name | Optional. By default, the default ISP domain is the system-predefined ISP domain system. |
5. Specify an ISP domain for users with unknown domain names. | domain if-unknown isp-name | Optional. By default, no ISP domain is specified for users with unknown domain names. |
To delete the ISP domain that is functioning as the default ISP domain, you must change it to a non-default ISP domain by using the undo domain default enable command.