Aaa For Ssh Users By A Radius Server - H3C S9500E Series Security Configuration Manual
Routing switches
Hide thumbs
Also See for S9500E Series:
- Configuration manual (459 pages) ,
- Command reference manual (225 pages) ,
- Installation manual (154 pages)
Table of Contents
Advertisement
[Switch-isp-bbb] accounting login radius-scheme rd
[Switch-isp-bbb] quit
Configure the default AAA methods for all types of users.
[Switch] domain bbb
[Switch-isp-bbb] authentication default local
[Switch-isp-bbb] authorization default hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting default radius-scheme rd
When telneting into the switch, a user enters username telnet@bbb for authentication using
domain bbb.
AAA for SSH users by a RADIUS server
Network requirements
Configure the switch to use the RADIUS server to provide authentication, authorization, and
accounting services to SSH users. See Figure 12.
•
Configure a CAMS/iMC server to act as the RADIUS server to provide authentication,
authorization, and accounting services for SSH users. The IP address of the RADIUS server is
10.1.1.1/24.
•
Set both the shared keys for authentication and accounting packets exchanged with the
RADIUS server to expert; and specify that a username sent to the RADIUS server carries the
domain name.
•
The RADIUS server provides different user services according to the domain names.
Figure 12
Configure AAA for SSH users by a RADIUS server
SSH user
Configuration procedure
Configure the RADIUS server.
1.
This example assumes that the RADIUS server runs the CAMS server Version 2.10-R0210.
When the RADIUS server runs iMC:
This example assumes that the RADIUS server runs iMC PLAT 3.20-R2602 or iMC UAM 3.60-E6102.
RADIUS server
10.1.1.1/24
Vlan-int3
10.1.1.2/24
Vlan-int2
192.168.1.70/24
Switch
Internet
59
Advertisement
Table of Contents
Troubleshooting
