3Com Switch 7750 Configuration Guide Guide
516 CHAPTER 48: AAA & RADIUS & HWTACACS CONFIGURATION
AAA & RADIUS &
HWTACACS
Configuration
Example
Remote RADIUS
Authentication of
Telnet/SSH Users
n
The configuration procedure for the remote authentication of SSH users through
RADIUS server is similar to that of Telnet users. The following description only
takes the remote authentication of Telnet users as example.
Network requirements
In the network environment shown in Figure 130, you are required to configure
the switch so that the Telnet users logging into the switch are authenticated by the
RADIUS server.
■ A RADIUS server with IP address 10.110.91.164 is connected to the switch.
This server will be used as the authentication server.
■ On the switch, set the shared key that is used to exchange packets with the
authentication RADIUS server to "expert".
You can use a CAMS server as the RADIUS server. If you use a third-party RADIUS
server, you can select standard or radius as the server type in the RADIUS scheme.
On the RADIUS server:
Tabl e 402 Display and maintain HWTACACS protocol information
Operation Command Description
Display the configuration or
statistic information about
one specific or all HWTACACS
schemes
display hwtacacs [
hwtacacs-scheme-name [
statistics] ]
You can execute the display
command in any view
Display the buffered
HWTACACS stop-accounting
request packets that are not
responded to
display
stop-accounting-buffer {
hwtacacs-scheme
hwtacacs-scheme-name |
session-id session-id |
time-range start-time
stop-time | user-name
user-name }
Clear the statistics about the
TACACS protocol
reset hwtacacs statistics {
accounting | authentication
| authorization | all }
You can execute the reset
command in user view
Delete the buffered
stop-accounting request
packets that are not
responded to
reset
stop-accounting-buffer {
hwtacacs-scheme
hwtacacs-scheme-name |
session-id session-id |
time-range start-time
stop-time | user-name
user-name }