264
C
21: AAA C
HAPTER
ONFIGURATION
On the RADIUS server, set the shared key it uses to exchange messages with
■
the switch to "aabbcc," set the authentication port number, and add Telnet
user names and login passwords.
The Telnet user names added to the RADIUS server must be in the format of
userid@isp-name if you have configured the switch to include domain names in
the user names to be sent to the RADIUS server in the RADIUS scheme.
Network diagram
Figure 81 Remote RADIUS authentication of Telnet users
Telnet user
Configuration procedure
# Enter system view.
<4210> system-view
# Adopt AAA authentication for Telnet users.
[4210] user-interface vty 0 4
[4210-ui-vty0-4] authentication-mode scheme
[4210-ui-vty0-4] quit
# Configure an ISP domain.
[4210] domain cams
[4210-isp-cams] access-limit enable 10
[4210-isp-cams] quit
# Configure a RADIUS scheme.
[4210] radius scheme cams
[4210-radius-cams] accounting optional
[4210-radius-cams] primary authentication 10.110.91.164 1812
[4210-radius-cams] key authentication aabbcc
[4210-radius-cams] server-type Extended
[4210-radius-cams] user-name-format with-domain
[4210-radius-cams] quit
# Associate the ISP domain with the RADIUS scheme.
[4210] domain cams
[4210-isp-cams] scheme radius-scheme cams
Authentication server
10. 110.91. 164
Internet