3Com Switch 8800 Advanced Software V5 Configuration Guide
914 CHAPTER 70: AAA, RADIUS AND HWTACACS CONFIGURATION
<Sysname> system-view
[Sysname] telnet server enable
# Configure AAA for Telnet users.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode scheme
[Sysname-ui-vty0-4] quit
# Configure the HWTACACS scheme.
<Sysname> system-view
[Sysname] hwtacacs scheme hwtac
[Sysname-hwtacacs-hwtac] primary authentication 10.1.1.1 49
[Sysname-hwtacacs-hwtac] primary authorization 10.1.1.1 49
[Sysname-hwtacacs-hwtac] primary accounting 10.1.1.1 49
[Sysname-hwtacacs-hwtac] key authentication expert
[Sysname-hwtacacs-hwtac] key authorization expert
[Sysname-hwtacacs-hwtac] key accounting expert
[Sysname-hwtacacs-hwtac] user-name-format without-domain
[Sysname-hwtacacs-hwtac] quit
# Apply the AAA schemes to the domain.
<Sysname> system-view
[Sysname] domain 1
[Sysname-isp-1] authentication login hwtacacs-scheme hwtac
[Sysname-isp-1] authorization login hwtacacs-scheme hwtac
[Sysname-isp-1] accounting login hwtacacs-scheme hwtac
[Sysname-isp-1] quit
# Configure the default AAA schemes for all types of users.
[Sysname] domain 1
[Sysname-isp-1] authentication default hwtacacs-scheme hwtac
[Sysname-isp-1] authorization default hwtacacs-scheme hwtac
[Sysname-isp-1] accounting default hwtacacs-scheme hwtac
Troubleshooting AAA, RADIUS, and HWTACACS
Troubleshooting RADIUS
Symptom 1: User authentication/authorization always fails.
Analysis:
■ The username is not in the format of "userid@isp-name", or no default ISP domain is specified for the device.
■ This user is not available in the database of the RADIUS server.
■ The user does not enter a correct password.
■ The shared key on the RADIUS server is different from that on the device.
■ The device cannot communicate with the RADIUS server (you can check the communication by pinging the RADIUS server on the device).
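The shared-key cause in the list above can be confirmed from a packet capture by recomputing the Response Authenticator defined in RFC 2865 with the key configured on the device. The following is an added example, not part of the 3Com guide; the sample packet, both keys and the function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

def build_reply(code, ident, request_auth, attrs, secret):
    """Build a RADIUS reply as a server would (RFC 2865, section 3)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def reply_matches_key(reply, request_auth, secret):
    """Return True if the reply's Response Authenticator was made with `secret`."""
    if len(reply) < 20 or len(request_auth) != 16:
        raise ValueError("truncated RADIUS header or bad Request Authenticator")
    _code, _ident, length = struct.unpack("!BBH", reply[:4])
    if not 20 <= length <= len(reply):
        raise ValueError("Length field does not fit the captured packet")
    attrs = reply[20:length]  # bytes past Length are padding and are not hashed
    expected = hashlib.md5(reply[:4] + request_auth + attrs + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

# Constructed sample data (not taken from the guide or from a real capture).
REQUEST_AUTH = bytes(range(16))     # Authenticator field of the Access-Request
SERVER_KEY = b"server-side-key"     # key configured on the RADIUS server
DEVICE_KEY = b"device-side-key"     # key configured on the switch
REPLY_MESSAGE = b"\x12\x08denied"   # attribute type 18, length 8
ACCESS_REJECT = build_reply(3, 7, REQUEST_AUTH, REPLY_MESSAGE, SERVER_KEY)

if __name__ == "__main__":
    for name, key in (("server", SERVER_KEY), ("device", DEVICE_KEY)):
        ok = reply_matches_key(ACCESS_REJECT, REQUEST_AUTH, key)
        print(f"{name} key: {'matches' if ok else 'MISMATCH'}")
```

A reply that fails this check with the device's key, while the server is reachable and the user exists, points to the shared-key mismatch rather than to the username format or password.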