Remote Radius Authentication Of Telnet/Ssh Users - H3C S5600 Series Operation Manual

Hide thumbs Also See for S5600 Series:

Operation manual (1278 pages)

Configuration (313 pages)

Operation manual (1096 pages)

Table of Contents

[Switch] radius scheme radius1

[Switch-radius-radius1] primary authentication 10.110.91.164 1812

[Switch-radius-radius1] primary accounting 10.110.91.164 1813

[Switch-radius-radius1] key authentication aabbcc

[Switch-radius-radius1] server-type extended

[Switch-radius-radius1] user-name-format with-domain

[Switch-radius-radius1] quit

# In the test domain, specify the authentication method for 802.1X users as radius1, and that for telnet

users as local.

[Switch] domain test

[Switch-isp-test] scheme lan-access radius-scheme radius1

[Switch-isp-test] scheme login local

[Switch-isp-test] quit

# Configure the test domain as the default domain.

[Switch] domain default enable test

# Enable 802.1X globally.

[Switch] dot1x

# Enable 802.1X on interface Ethernet 1/0/1.

[Switch] interface ethernet 1/0/1

[Switch-Ethernet1/0/1] dot1x

Remote RADIUS Authentication of Telnet/SSH Users

The configuration procedure for remote authentication of SSH users by RADIUS server is similar to that

for Telnet users. The following text only takes Telnet users as example to describe the configuration

procedure for remote authentication.

Network requirements

In the network environment shown in

Telnet users logging into the switch are authenticated by the RADIUS server.

A RADIUS authentication server with IP address 10.110.91.164 is connected to the switch.

On the switch, set the shared key it uses to exchange messages with the authentication RADIUS

server to aabbcc.

A CAMS server is used as the RADIUS server. You can select extended as the server-type in a

RADIUS scheme.

On the RADIUS server, set the shared key it uses to exchange messages with the switch to

aabbcc, set the authentication port number, and add Telnet usernames and login passwords.

The Telnet usernames added to the RADIUS server must be in the format of userid@isp-name if you

have configured the switch to include domain names in the usernames to be sent to the RADIUS server

in the RADIUS scheme.

2-3, you are required to configure the switch so that the

Show Quick Links

Quick Links:
Audience

Chapters

Table of Contents

Troubleshooting

Remote Radius Authentication Of Telnet/Ssh Users - H3C S5600 Series Operation Manual

Remote RADIUS Authentication of Telnet/SSH Users

Hide quick links:

Chapters

Troubleshooting

Related Manuals for H3C S5600 Series

Related Content for H3C S5600 Series

This manual is also suitable for:

Table of Contents