H3C S7500E Series Ethernet Switches Operation Manual
Operation Manual – AAA RADIUS HWTACACS
H3C S7500E Series Ethernet Switches
Chapter 1 AAA/RADIUS/HWTACACS
Configuration
1-23
To do… Use the command… Remarks
Enter system view
system-view
—
Tear down AAA user
connections forcibly
cut connection { access-type { dot1x |
mac-authentication | portal } | all |
domain isp-name | interface interface-type
interface-number | ip ip-address | mac
mac-address | ucibindex ucib-index |
user-name user-name | vlan vlan-id } [ slot
slot-number ]
Required
Applies to
only LAN
access and
portal user
connections
at present.
1.4 Configuring RADIUS
The RADIUS protocol is configured scheme by scheme. After creating a RADIUS
scheme, you need to configure the IP addresses and UDP ports of the RADIUS servers
for the scheme. The servers include authentication/authorization servers and
accounting servers, or from another point of view, primary servers and secondary
servers. In another words, the attributes of a RADIUS scheme mainly include IP
addresses of primary and secondary servers, shared key, and RADIUS server type.
Actually, the RADIUS protocol configurations only set the parameters necessary for the
information interaction between a NAS and a RADIUS server. For these settings to take
effect, you must reference the RADIUS scheme containing those settings in ISP
domain view. For information about the commands for referencing a scheme, refer to
Configuring AAA.
1.4.1 Creating a RADIUS Scheme
Before performing other RADIUS configurations, follow these steps to create a
RADIUS scheme and enter RADIUS scheme view:
To do… Use the command… Remarks
Enter system view
system-view
—
Create a RADIUS scheme
and enter RADIUS
scheme view
radius scheme
radius-scheme-name
Optional
Not defined by default
Note:
A RADIUS scheme can be referenced by more than one ISP domain at the same time.