ACL does not exist on the NAS, ACL assignment fails, and the NAS forcibly logs the RADIUS user out. If
the assigned VLAN does not exist on the NAS, the NAS creates the VLAN and adds the RADIUS user or
the access port to the VLAN.
Specifying a RADIUS client
Specify the IP address of a client to be managed by the RADIUS server and configure the shared key.
The RADIUS server processes only the RADIUS packets sent from the specified clients.
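Why the client address and the shared key both have to match, as an added example that is not part of this manual: a Python model of the checks RFC 2865 defines for a RADIUS server and client. The addresses, keys, user entry and function names are constructed for illustration.

```python
import hashlib

# Constructed values: the server's client table maps the expected source IP
# of each RADIUS client (NAS) to the shared key configured for it.
CLIENTS = {"192.0.2.10": b"example-key"}
USERS = {"alice": b"correct horse"}  # hypothetical local user database

def _keystream_xor(data, secret, request_auth, decrypt):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, key))
        prev = block if decrypt else res  # chaining always uses the ciphertext
        out += res
    return out

def hide_password(password, secret, request_auth):
    """Client side: pad to a multiple of 16 bytes, then hide User-Password."""
    size = -(-max(len(password), 1) // 16) * 16
    padded = password.ljust(size, b"\x00")
    return _keystream_xor(padded, secret, request_auth, False)

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = bytes([code, ident]) + (20 + len(attrs)).to_bytes(2, "big")
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def server_handle(src_ip, user, hidden, request_auth):
    """Server side: look up the key by source IP, then check the password."""
    secret = CLIENTS.get(src_ip)
    if secret is None:
        return "dropped"  # packet did not come from a specified client
    clear = _keystream_xor(hidden, secret, request_auth, True).rstrip(b"\x00")
    return "accept" if clear == USERS.get(user) else "reject"
```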
To specify a RADIUS client:
Step 1
To do...: Enter system view.
Use the command...: system-view
Remarks: —

Step 2
To do...: Specify a RADIUS client.
Use the command...: radius-server client-ip ip-address [ key string ]
Remarks: Required. No RADIUS client is specified by default.

The IP address of a RADIUS client specified on the RADIUS server must be consistent with the source IP
address of outgoing RADIUS packets configured on the RADIUS client.
The shared key configured on the RADIUS server must be consistent with that configured on the RADIUS
client.

Displaying and maintaining AAA

To do...: Display the configuration information of ISP domains
Use the command...: display domain [ isp-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

To do...: Display information about user connections
Use the command...: display connection [ access-type { dot1x | mac-authentication } | domain isp-name | interface interface-type interface-number | ip ip-address | mac mac-address | ucibindex ucib-index | user-name user-name | vlan vlan-id ] [ slot slot-number ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

AAA configuration examples
AAA for Telnet users by an HWTACACS server
Network requirements
As shown in Figure 10, configure the switch to use the HWTACACS server to provide authentication,
authorization, and accounting services for Telnet users.
Set the shared keys for authenticating authentication, authorization, and accounting exchanges with the
HWTACACS server to expert. Configure the switch to remove the domain name from a username before
sending the username to the HWTACACS server.