H3C S5830V2 Security Configuration Manual page 62

Configure the switch to use the RADIUS server for SSH user authentication and authorization and add an
account with the username hello@bbb on the RADIUS server, so that the SSH user can log in to the switch
and is authorized with the network-operator user role after login.
Set the shared keys for secure RADIUS communication to expert, and set the ports for authentication and
accounting to 1812 and 1813, respectively. Configure the switch to include the domain name in the
username sent to the RADIUS server.
Figure 13 Network diagram
Configuration procedure
1. Configure the RADIUS server on IMC 5.0:
NOTE:
In this example, the RADIUS server runs on IMC PLAT 5.0 (E0101) and IMC UAM 5.0 (E0101).
# Add the switch to the IMC Platform as an access device.
Log in to IMC, click the Service tab, and select User Access Manager > Access Device
Management > Access Device from the navigation tree. Then, click Add to configure an access
device as follows:
a. Set the shared key for secure RADIUS communication to expert.
b. Set the ports for authentication and accounting to 1812 and 1813, respectively.
c. Select the service type Device Management Service.
d. Select the access device type H3C.
e. Select the access device from the device list or manually add the access device (with the IP
address 10.1.1.2).
f. Leave the default settings for other parameters and click OK.
The IP address of the access device specified here must be the same as the source IP address of the
RADIUS packets sent from the switch, which is chosen in this order on the switch:
IP address specified by the nas-ip command
IP address specified by the radius nas-ip command
IP address of the outbound interface (the default)
48