Operation Manual – AAA&RADIUS
Quidway S3100 Series Ethernet Switches Chapter 1
AAA&RADIUS Configuration
Huawei Technologies Proprietary
1-31
I. Network requirements
In the network environment shown in Figure 1-5, you are required to configure the
switch so that the Telnet users logging into the switch are authenticated by the RADIUS
server.
z A RADIUS server with IP address 10.110.91.164 is connected to the switch. This
server will be used as the authentication server.
z On the switch, set the shared key it uses to exchange packets with the
authentication RADIUS server to "expert".
You can use a CAMS server as the RADIUS server. If you use a third-party RADIUS
server, you can select standard or huawei as the server type in the RADIUS scheme.
On the RADIUS server:
z Set the shared key it uses to exchange packets with the switch to "expert".
z Set the port number for authentication.
z Add Telnet user names and login passwords.
The Telnet user name added to the RADIUS server must be in the format of
userid@isp-name if you have configure the switch to include domain names in the user
names to be sent to the RADIUS server.
II. Network diagram
Authentication Server
IP address: 10.110.91.164
Internet
Sw itc h
Telnet user
Internet
Authentication Server
IP address: 10.110.91.164
Internet
Sw itc h
Authentication server
IP address: 10.110.91.164
Internet
Sw itc h
Telnet user
Internet
Authentication Server
IP address: 10.110.91.164
Internet
Sw itc h
Authentication Server
IP address: 10.110.91.164
Internet
Sw itc h
Telnet user
Internet
Authentication Server
IP address: 10.110.91.164
Internet
Sw itc h
Authentication server
IP address: 10.110.91.164
Internet
Sw itc h
Telnet user
Internet
Figure 1-5 Remote RADIUS authentication of Telnet users
III. Configuration procedure
# Enter system view.
<Quidway> system-view
System View: return to User View with Ctrl+Z.
[Quidway]
# Adopt AAA authentication for Telnet users
[Quidway] user-interface vty 0 4
To Next Page
Loading...
Need help?
General