Operation Manual – AAA
H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration
[Sysname] domain system
[Sysname-isp-system] scheme local
A Telnet user logging into the switch with the name telnet@system belongs to the
"system" domain and will be authenticated according to the configuration of the
"system" domain.
Method 2: using local RADIUS server
This method is similar to the remote authentication method described in section 2.5.1.
However, you need to:
- Change the server IP address and the UDP port number of the authentication
server to 127.0.0.1 and 1645, respectively, in the configuration step "Configure a
RADIUS scheme" in section 2.5.1.
- Enable the local RADIUS server function, and set the IP address and shared key for
the network access server to 127.0.0.1 and aabbcc, respectively.
- Configure local users.
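The three changes above, put together as one configuration sketch. This is an added example, not text from the manual: the scheme and domain name cams, the local user name telnet and the <password> placeholder are assumptions, and the commands follow the Comware syntax this manual series uses, so check them against section 2.5.1 for your software version.

```text
# Constructed example: "cams", "telnet" and <password> are assumed names/placeholders.
<Sysname> system-view
# Authenticate Telnet (VTY) users through AAA.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode scheme
[Sysname-ui-vty0-4] quit
# Step 1: point the RADIUS scheme at the switch itself, UDP port 1645.
[Sysname] radius scheme cams
[Sysname-radius-cams] primary authentication 127.0.0.1 1645
[Sysname-radius-cams] key authentication aabbcc
[Sysname-radius-cams] quit
# Step 2: enable the local RADIUS server; 127.0.0.1 is the NAS it accepts,
# and its key must match "key authentication" in the scheme above.
[Sysname] local-server enable
[Sysname] local-server nas-ip 127.0.0.1 key aabbcc
# Step 3: create the local user that the local RADIUS server checks against.
[Sysname] local-user telnet
[Sysname-luser-telnet] service-type telnet
[Sysname-luser-telnet] password simple <password>
[Sysname-luser-telnet] quit
# Bind the ISP domain to the RADIUS scheme.
[Sysname] domain cams
[Sysname-isp-cams] scheme radius-scheme cams
[Sysname-isp-cams] quit
```

The key aabbcc is the manual's sample value; the same string has to appear in both the scheme and the local-server line, so a deployment replaces it in both places with a long random key.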
2.5.3 HWTACACS Authentication and Authorization of Telnet Users
I. Network requirements
You are required to configure the switch so that the Telnet users logging into the switch
are authenticated and authorized by the TACACS server.
A TACACS server with IP address 10.110.91.164 is connected to the switch. This
server will be used as the authentication and authorization server. On the switch, set
both authentication and authorization shared keys that are used to exchange
messages with the TACACS server to "aabbcc". Configure the switch to strip domain
names off user names before sending user names to the TACACS server.
Configure the shared key to "aabbcc" on the TACACS server for exchanging messages
with the switch.
II. Network diagram
Figure 2-3 Remote HWTACACS authentication and authorization of Telnet users