H3C S7500E Series Ethernet Switches Operation Manual

Operation Manual – AAA RADIUS HWTACACS
H3C S7500E Series Ethernet Switches
Chapter 1 AAA/RADIUS/HWTACACS Configuration
Task                                                            Remarks
Specifying Security Policy Servers                              Optional
Enabling the Listening Port of the RADIUS Client                Optional
III. HWTACACS configuration task list
Task                                                            Remarks
Creating a HWTACACS scheme                                      Required
Specifying the HWTACACS Authentication Servers                  Required
Specifying the HWTACACS Authorization Servers                   Optional
Specifying the HWTACACS Accounting Servers                      Optional
Setting the Shared Key for HWTACACS Packets                     Required
Configuring Attributes Related to the Data Sent to the
HWTACACS server                                                 Optional
Setting Timers Regarding HWTACACS Servers                       Optional
1.3 Configuring AAA
By configuring AAA, you can provide network access service for legitimate users, protect
the networking devices, and prevent unauthorized access and bilking. In addition, you can
configure ISP domains to perform AAA on accessing users.
In AAA, users are divided into LAN users (such as 802.1x users and MAC
authentication users), login users (such as SSH, Telnet, FTP, and terminal access
users), portal users, and command line users (that is, command line authentication
users). Except for command line users, you can configure separate
authentication/authorization/accounting policies for each of the other types of users.
Command line users can be configured with an authorization policy independently.
1.3.1 Configuration Prerequisites
For remote authentication, authorization, or accounting, you must create the RADIUS
or HWTACACS scheme first.
- RADIUS scheme: Reference a configured RADIUS scheme to implement
  authentication/authorization and accounting. For RADIUS scheme configuration,
  refer to Configuring RADIUS.
- HWTACACS scheme: Reference a configured HWTACACS scheme to implement
  authentication/authorization and accounting. For HWTACACS scheme
  configuration, refer to Configuring HWTACACS.