H3C S3100-52P Operation Manual page 44

Operation Manual – AAA – RADIUS – HWTACACS
H3C S3100-52P Ethernet Switch
The Telnet user names added to the RADIUS server must be in the format of
userid@isp-name if you have configured the switch to include domain names in the
user names to be sent to the RADIUS server in the RADIUS scheme.
II. Network diagram
Telnet user Telnet user Telnet user Telnet user
Figure 1-7 Remote RADIUS authentication of Telnet users
III. Configuration procedure
# Enter system view.
<H3C> system-view
[H3C]
# Adopt AAA authentication for Telnet users.
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] authentication-mode scheme
[H3C-ui-vty0-4] quit
# Configure an ISP domain.
[H3C] domain cams
[H3C-isp-cams] access-limit enable 10
[H3C-isp-cams] quit
# Configure a RADIUS scheme.
[H3C] radius scheme cams
[H3C-radius-cams] accounting optional
[H3C-radius-cams] primary authentication 10.110.91.164 1812
[H3C-radius-cams] key authentication expert
[H3C-radius-cams] server-type Extended
[H3C-radius-cams] user-name-format with-domain
[H3C-radius-cams] quit
# Associate the ISP domain with the RADIUS scheme.
Authentic Authentic Authentic Authentic Authentic Authentic Authentic
IP addres IP addres IP addres IP addres IP addres IP addres IP addres
Sw itch Sw itch Sw itch Sw itch Sw itch Sw itch Sw itch
1-42
Chapter 1 AAA & RADIUS & HWTACACS
ation Server ation server ation Server ation Server ation Server ation server ation Server
s: 10.110.91.164 s: 10.110.91.164 s: 10.110.91.164 s: 10.110.91.164 s: 10.110.91.164 s: 10.110.91.164 s: 10.110.91.164
Internet Internet Internet Internet Internet Internet Internet Internet Internet Internet Internet
Configuration