H3C S7500 Series Operation Manual page 563

Operation Manual – AAA & RADIUS & HWTACACS & EAD
H3C S7500 Series Ethernet Switches
I. Network requirements
In the network environment shown in
switch so that the Telnet users logging into the switch are authenticated by the RADIUS
server.
A RADIUS server with IP address 10.110.91.164 is connected to the switch. This
server will be used as the authentication server.
Create an ISP domain named cams, and specify the domain to hold a maximum of
10 users.
Create a RADIUS scheme named cams, enable the charging function, and
configure the IP address and port number of the primary authentication server.
On the switch, set the shared key that is used to exchange packets with the
authentication RADIUS server to expert.
You can use a CAMS server as the RADIUS server, and select extended as the
server type in the RADIUS scheme.
Note:
You need to set extended as the server type in the RADIUS scheme if you want to use
the CAMS server to issue user level. Otherwise, the user level will be 0 by default.
On the RADIUS server:
Set the shared key it uses to exchange packets with the switch to expert.
Set the port number for authentication.
Add Telnet user names and login passwords.
The Telnet user name added to the RADIUS server must be in the format of
userid@isp-name if you have configured the switch to send usernames with domain
names to the RADIUS server.
II. Network diagram
Telnet user
Figure 1-7 Remote RADIUS authentication of Telnet users
Chapter 1 AAA & RADIUS & HWTACACS
Figure 1-7, you are required to configure the
Authentication/ Accounting server
10.1.1 .1/24
Switch
1-41
Internet
Configuration