Manualshelf

3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module
51525354555657585960
AAA and RADIUS/HWTACACS Protocol Configuration Example 53
Connect the module to the RADIUS server (functions as both authentication and
accounting servers) whose IP address is 10.0.0.1/24. On the module, set the
shared keys both for packet exchange with the authentication server and with the
accounting server as "expert".
You can use a 3Com CAMS server as the RADIUS server. Set server-type in the
RADIUS scheme to standard or 3com if a third-party RADIUS server is used and to
3com if a 3Com CAMS server is used. On the RADIUS server, set the shared key for
packet exchange with the module as "expert"; set the authentication and
accounting port numbers; add the usernames and login passwords of the Telnet
users. If the module is configured in the RADIUS scheme not to remove the
domain name from the user name but send the full username to the RADIUS
server, the Telnet usernames added onto the RADIUS server are in the
userid@isp-name format.
Network diagram
Figure 9 Network diagram for remote RADIUS authentication on Telnet users
Configuration procedure
1 Radius Server
IP address: 10.0.0.1/24.
Gateway: 10.0.0.254.
2 Telnet User
IP address: 50.0.0.1/24.
3 Switch 8807 (SecBlade)
# Divide VLANs.
<SW8800> system-view
[SW8800] vlan 10
[3Com-vlan10] quit
SecBlade
S
Vlan
30
Vlan
10
Vlan
50
Vlan
50
Radius Server
Telnet User
50
.
0
.
0
.
1
/
24
10
.
0
.
0
.
1
/
24
30 . 0 . 0 . 254 / 24
50
.
0
.
0
.
254
/
24
30
.
0
.
0
.
1
/
24
10
.
0
.
0
.
254
/
24
SecBlade
Vlan
30
Vlan
10
Vlan
50
Vlan
50
Radius Server
Telnet User
50
.
0
.
0
.
1
/
24
10
.
0
.
0
.
1
/
24
30 . 0 . 0 . 254 / 24
50
.
0
.
0
.
254
/
24
30
.
0
.
0
.
1
/
24
10
.
0
.
0
.
254
/
24
8800