Operation Manual – AAA & RADIUS & HWTACACS & EAD
Quidway S3900 Series Ethernet Switches-Release 1510
Chapter 1 AAA & RADIUS & HWTACACS
Configuration
Huawei Technologies Proprietary
1-44
z A RADIUS server with IP address 10.110.91.164 is connected to the switch. This
server will be used as the authentication server.
z On the switch, set the shared key that is used to exchange packets with the
authentication RADIUS server to "expert".
You can use a CAMS server as the RADIUS server. If you use a third-party RADIUS
server, you can select standard or huawei as the server type in the RADIUS scheme.
On the RADIUS server:
z Set the shared key it uses to exchange packets with the switch to "expert".
z Set the port number for authentication.
z Add Telnet user names and login passwords.
The Telnet user name added to the RADIUS server must be in the format of
userid@isp-name if you have configure the switch to include domain names in the user
names to be sent to the RADIUS server.
II. Network diagram
Authentication Server
IP address: 10.110.91.164
Internet
Sw itc h
Telnet user
Internet
Authentication Server
IP address: 10.110.91.164
Internet
Sw itc h
Authentication server
IP address: 10.110.91.164
Internet
Sw itc h
Telnet user
Internet
Authentication Server
IP address: 10.110.91.164
Internet
Sw itc h
Authentication Server
IP address: 10.110.91.164
Internet
Sw itc h
Telnet user
Internet
Authentication Server
IP address: 10.110.91.164
Internet
Sw itc h
Authentication server
IP address: 10.110.91.164
Internet
Sw itc h
Telnet user
Internet
Figure 1-7 Remote RADIUS authentication of Telnet users
III. Configuration procedure
# Enter system view.
<Quidway> system-view
[Quidway]
# Adopt AAA authentication for Telnet users.
[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] authentication-mode scheme
# Configure an ISP domain.
[Quidway] domain cams
[Quidway-isp-cams] access-limit enable 10
To Next Page
Loading...
