Remote radius authentication of telnet/ssh users, Network requirements – H3C Technologies H3C S3100 Series Switches User Manual
Page 446
2-32
# Configure RADIUS scheme radius1.
[Switch] radius scheme radius1
[Switch-radius-radius1] primary authentication 10.110.91.164 1812
[Switch-radius-radius1] primary accounting 10.110.91.164 1813
[Switch-radius-radius1] key authentication aabbcc
[Switch-radius-radius1] server-type extended
[Switch-radius-radius1] user-name-format with-domain
[Switch-radius-radius1] quit
# In the test domain, specify the authentication method for 802.1X users as radius1, and that for telnet
users as local.
[Switch] domain test
[Switch-isp-test] scheme lan-access radius-scheme radius1
[Switch-isp-test] scheme login local
[Switch-isp-test] quit
# Configure the test domain as the default domain.
[Switch] domain default enable test
# Enable 802.1X globally.
[Switch] dot1x
# Enable 802.1X on interface Ethernet 1/0/1.
[Switch] interface ethernet 1/0/1
[Switch-Ethernet1/0/1] dot1x
Remote RADIUS Authentication of Telnet/SSH Users
The configuration procedure for remote authentication of SSH users by RADIUS server is similar to that
for Telnet users. The following text only takes Telnet users as example to describe the configuration
procedure for remote authentication.
Network requirements
In the network environment shown in
, you are required to configure the switch so that the
Telnet users logging into the switch are authenticated by the RADIUS server.
z
A RADIUS authentication server with IP address 10.110.91.164 is connected to the switch.
z
On the switch, set the shared key it uses to exchange messages with the authentication RADIUS
server to "aabbcc".
z
A CAMS server is used as the RADIUS server. You can select extended as the server-type in a
RADIUS scheme.
z
On the RADIUS server, set the shared key it uses to exchange messages with the switch to
"aabbcc," set the authentication port number, and add Telnet user names and login passwords.