47
[Switch] hwtacacs scheme hwtac
[Switch-hwtacacs-hwtac] primary authorization 10.1.1.2 49
[Switch-hwtacacs-hwtac] key authorization expert
[Switch-hwtacacs-hwtac] user-name-format without-domain
[Switch-hwtacacs-hwtac] quit
# Configure the RADIUS scheme.
[Switch] radius scheme rd
[Switch-radius-rd] primary accounting 10.1.1.1 1813
[Switch-radius-rd] key accounting expert
[Switch-radius-rd] server-type extended
[Switch-radius-rd] user-name-format without-domain
[Switch-radius-rd] quit
# Create a local user named hello.
[Switch] local-user hello
[Switch-luser-hello] service-type telnet
[Switch-luser-hello] password simple hello
[Switch-luser-hello] quit
# Configure the AAA methods for the ISP domain.
[Switch] domain bbb
[Switch-isp-bbb] authentication login local
[Switch-isp-bbb] authorization login hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting login radius-scheme rd
[Switch-isp-bbb] quit
You can achieve the same result by setting default AAA methods for all types of users in domain bbb.
[Switch] domain bbb
[Switch-isp-bbb] authentication default local
[Switch-isp-bbb] authorization default hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting default radius-scheme rd
When Telnetting in to the switch, a user enters username telnet@bbb for authentication using domain
bbb.
Authentication/Authorization for SSH/Telnet users by a
RADIUS server
NOTE:
The configuration of authentication and authorization for SSH users is similar to that for Telnet users. The
following takes SSH users as an example.
Network requirements
As shown in Figure 11,
• Configure an iMC server to act as the RADIUS server to provide authentication and authorization
services for SSH users. The IP address of the RADIUS server is 10.1.1.1/24.
To Next Page
Loading...
