3Com Switch 7750 Configuration Guide

AAA & RADIUS & HWTACACS Configuration Example
Method 2: using a local RADIUS server
This method is similar to the remote authentication method described in section
“Remote RADIUS Authentication of Telnet/SSH Users”. You only need to change
the server IP address, the authentication password, and the UDP port number for
the authentication service in configuration step "Configure a RADIUS scheme" of
that section to 127.0.0.1, 3Com, and 1645 respectively, and configure local
users (whether the local user name carries the domain name should be consistent
with the configuration in the RADIUS scheme).
TACACS Authentication, Authorization, and Accounting of Telnet Users
Network requirements
You are required to configure the switch so that the Telnet users logging in to the
TACACS server are authenticated, authorized, and accounted. A TACACS server
with IP address 10.110.91.164 is connected to the switch. This server will be
used as the AAA server. On the switch, set the shared key that is used to
exchange packets with the AAA TACACS server to "expert". Configure the switch
to strip off the domain name in the user name to be sent to the TACACS server.
Configure the shared key to "expert" on the TACACS server for exchanging
packets with the switch.
Network diagram
Figure 132 Remote authentication and authorization of Telnet users
Configuration procedure
# Add a Telnet user.
Omitted here
# Configure a HWTACACS scheme.
<SW7750> system-view
[SW7750] hwtacacs scheme hwtac
[SW7750-hwtacacs-hwtac] primary accounting 10.110.91.164 49
[SW7750-hwtacacs-hwtac] primary authentication 10.110.91.164 49
[SW7750-hwtacacs-hwtac] primary authorization 10.110.91.164 49
[SW7750-hwtacacs-hwtac] key accounting expert
[SW7750-hwtacacs-hwtac] key authentication expert
[SW7750-hwtacacs-hwtac] key authorization expert
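What the shared key configured above does on the wire, as an added example that is not part of the 3Com guide: TACACS+ (RFC 8907) XORs each packet body with an MD5 pad derived from the session ID, the key, the version and the sequence number, so a server whose key differs recovers a body whose length fields do not add up. The login name, port, remote address and session ID below are constructed sample values.

```python
import hashlib
import struct

KEY = b"expert"  # shared key from the hwtacacs scheme on this page

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 pad: MD5 blocks chained over session_id, key, version, seq_no."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def xor_body(body, session_id, key, version=0xC0, seq_no=1):
    """Obfuscate or de-obfuscate a packet body (XOR is its own inverse)."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def authen_start(login, port=b"vty0", rem_addr=b"192.0.2.10"):
    """Authentication START body; the domain part of the login is stripped."""
    user = login.split("@", 1)[0].encode()
    # action=LOGIN, priv_lvl=1, authen_type=ASCII, service=LOGIN, then 4 lengths
    fixed = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), 0])
    return fixed + user + port + rem_addr

def lengths_consistent(body):
    """Receiver-side check: the four length fields must add up to the body size."""
    return len(body) >= 8 and 8 + sum(body[4:8]) == len(body)

def server_accepts(wire_body, session_id, server_key):
    """True when the server's key recovers a well-formed START body."""
    return lengths_consistent(xor_body(wire_body, session_id, server_key))

SESSION_ID = 0x5EED1234                     # constructed sample value
clear = authen_start("telnetuser@example")  # constructed login name
wire = xor_body(clear, SESSION_ID, KEY)

if __name__ == "__main__":
    print("on the wire :", wire.hex())
    print("key matches :", server_accepts(wire, SESSION_ID, b"expert"))
    print("key differs :", server_accepts(wire, SESSION_ID, b"Expert"))
```

RFC 8907 describes this mechanism as obfuscation rather than encryption, so the choice of key and the network path between the switch and 10.110.91.164 both matter.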
[Figure 132 diagram labels: Telnet user, Internet, Switch, Internet, Authentication server (IP address: 10.110.91.164)]