H3C S7500 Series Operation Manual page 565

Operation Manual – AAA & RADIUS & HWTACACS & EAD
H3C S7500 Series Ethernet Switches
II. Network diagram
Telnet User
Figure 1-8 Local authentication of Telnet user
III. Configuration procedure
Method 1: Use a local authentication scheme.
# Enter system view.
<H3C> system-view
[H3C]
# Adopt AAA authentication for Telnet users.
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] authentication-mode scheme
[H3C-ui-vty0-4] quit
# Create and configure a local user named telnet.
[H3C] local-user telnet
[H3C-luser-telnet] service-type telnet
[H3C-luser-telnet] password simple secret
[H3C-luser-telnet] attribute idle-cut 300 access-limit 5
[H3C] domain system
[H3C-isp-system] scheme local
A Telnet user logging into the switch with the name telnet@system belongs to the
domain system and will be authenticated according to the configuration of the domain
system.
Method 2: Use a local RADIUS server.
This method is similar to the remote authentication method described in
RADIUS Authentication of Telnet/SSH
address, the authentication password, and the UDP port number for authentication
service in configuration step "Configure a RADIUS scheme" in
Authentication of Telnet/SSH Users
configure local users (whether the name of local user carries domain name should be
consistent with the configuration in RADIUS scheme).
Internet
Switch
Users. You only need to change the server IP
to 127.0.0.1, expert, and 1645 respectively, and
1-43
Chapter 1 AAA & RADIUS & HWTACACS
s
Configuration
Remote
Remote RADIUS