51
# Create RADIUS scheme rad.
[Switch] radius scheme rad
# Specify the primary authentication server.
[Switch-radius-rad] primary authentication 10.1.1.1 1812
# Set the shared key for authentication packets to expert.
[Switch-radius-rad] key authentication expert
# Specify the scheme to include the domain names in usernames to be sent to the RADIUS server.
[Switch-radius-rad] user-name-format with-domain
# Specify the service type for the RADIUS server, which must be extended when the RADIUS server runs
iMC.
[Switch-radius-rad] server-type extended
[Switch-radius-rad] quit
# Configure the AAA methods for the domain.
[Switch] domain bbb
[Switch-isp-bbb] authentication login radius-scheme rad
[Switch-isp-bbb] authorization login radius-scheme rad
[Switch-isp-bbb] quit
3. Verify the configuration
After you complete the configuration, the SSH user should be able to use the configured account to
access the user interface of the switch and can access the demands of level 0 through level 3. .
# Use the display connection command to view the connection information on the switch.
[Switch] display connection
Slot: 1
Index=1 , Username= hello@bbb
IP=192.168.1.58
IPv6=N/A
Total 1 connection(s) matched on slot 1.
Total 1 connection(s) matched.
Level switching authentication for Telnet users by an
HWTACACS server
Network requirements
As shown in Figure 19,
• Connect the Telnet user to the switch and the switch to the HWTACACS server.
• Configure the switch to use local authentication for the Telnet user and assign the privilege level of
0 for the user to enjoy after login.
• Configure the switch to use the HWTACACS server and, if HWTACACS authentication is not
available, use local authentication instead for level switching authentication of the Telnet user.
To Next Page
Loading...
