3Com Switch 8800 Advanced Software V5 Configuration Guide
AAA, RADIUS and HWTACACS Configuration Examples 913
[Sysname-luser-telnet] password simple aabbccddeeff
[Sysname-luser-telnet] quit
# Configure the RADIUS scheme.
[Sysname] radius scheme rad
[Sysname-radius-rad] primary authentication 127.0.0.1 1645
[Sysname-radius-rad] primary accounting 127.0.0.1 1646
[Sysname-radius-rad] key authentication aabbcc
[Sysname-radius-rad] key accounting aabbcc
[Sysname-radius-rad] server-type extended
# Configure the AAA scheme for the domain.
[Sysname] domain 1
[Sysname-isp-1] authentication login radius-scheme rad
[Sysname-isp-1] authorization login radius-scheme rad
[Sysname-isp-1] accounting login radius-scheme rad
[Sysname-isp-cams] quit
# Configure the local RADIUS server.
[Sysname] local-server nas-ip 127.0.0.1 key aabbcc
AAA for Telnet Users by
a HWTACACS Server
Network requirements
■ As shown in Figure 264, configure the switch to use the HWTACACS server to
provide authentication, authorization, and accounting services to Telnet users.
■ The HWTACACS server is used for authentication, authentication, and
accounting, and is connected to the switch. Its IP address is 10.1.1.1.
■ On the switch, set the shared keys for authentication, authorization, and
accounting packets to expert. The username that the switch sends to the
HWTACACS server contains no domain name.
■ On the HWTACACS server, set the shared key for packets exchanged with the
switch to expert.
Network diagram
Figure 264 Configure AAA for Telnet users by a HWTACACS Server
Configuration procedure
# Enable the Telnet server function.
Internet
SwitchTelnet user
Authentication/Accounting server
10.1.1.1/24