Configuration Guide 531
Configuring AAA Configuration Example
3
Configuration Example
3.1 Network Requirements
As shown below, the switch needs to be managed remotely via Telnet. In addition, the
senior administrator of the company wants to create an account for the less senior
administrators, who can only view the configurations and some network information
without the Enable password provided.
Two RADIUS servers are deployed in the network to provide a safer authenticate method
for the administrators trying to log in or get administrative privileges. If RADIUS Server 1
breaks down and doesn’t respond to the authentication request, RADIUS Server 2 will work,
so as to ensure the stability of the authentication system.
Figure 3-1 Network Topology
RADIUS Server 1
192.168.0.10/24
Auth Port:1812
RADIUS Server 2
192.168.0.20/24
Auth Port: 1812
Switch Administrator
Management Network
3.2 Configuration Scheme
To implement this requirement, the senior administrator can create the login account
and the Enable password on the two RADIUS servers, and configure the AAA feature
on the switch. The IP addresses of the two RADIUS servers are 192.168.0.10/24 and
192.168.0.20/24; the authentication port number is 1812; the shared key is 123456.
The overview of configuration on the switch is as follows:
1) Add the two RADIUS servers on the switch.
2) Create a new RADIUS server group and add the two servers to the group. Make sure
that RADIUS Server 1 is the first server for authentication.
3) Configure the method list.
4) Configure the AAA application list.
To Next Page
Loading...
