3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

AAA and RADIUS/HWTACACS Protocol Configuration Example 53

Connect the IPsec module to the RADIUS server (functions as both authentication

and accounting servers) whose IP address is 10.0.0.1/24. On the IPsec module, set

the shared keys both for packet exchange with the authentication server and with

the accounting server as "expert".

You can use a 3Com CAMS server as the RADIUS server. Set server-type in the

RADIUS scheme to standard or 3com if a third-party RADIUS server is used and to

3com if a 3Com CAMS server is used. On the RADIUS server, set the shared key for

packet exchange with the IPsec module as "expert"; set the authentication and

accounting port numbers; add the usernames and login passwords of the Telnet

users. If the IPsec module is configured in the RADIUS scheme not to remove the

domain name from the user name but send the full username to the RADIUS

server, the Telnet usernames added onto the RADIUS server are in the

userid@isp-name format.

Network diagram

Figure 9 Network diagram for remote RADIUS authentication on Telnet users

Configuration procedure

1 Radius Server

IP address: 10.0.0.1/24.

Gateway: 10.0.0.254.

2 Telnet User

IP address: 50.0.0.1/24.

3 Switch 8807 (SecBlade)

# Divide VLANs.

<SW8800> system-view

[SW8800] vlan 10

[3Com-vlan10] quit

[SW8800] vlan 30

SecBlade S850

Vlan 30

Vlan10

Vlan 50

Radius Server

Telnet User

50.0.0.1/24

10.0.0.1/24

30.0.0.254/24

50.0.0.254/24

30.0.0.1/24

10.0.0.254/24

SecBlade Swich 8800