Network diagram, Configuration procedure, Local authentication of ftp/telnet users – H3C Technologies H3C S3100 Series Switches User Manual

2-33

The Telnet user names added to the RADIUS server must be in the format of userid@isp-name if you

have configured the switch to include domain names in the user names to be sent to the RADIUS server

in the RADIUS scheme.

Network diagram

Figure 2-3 Remote RADIUS authentication of Telnet users

Configuration procedure

# Enter system view.

<Sysname> system-view

# Adopt AAA authentication for Telnet users.

[Sysname] user-interface vty 0 4

[Sysname-ui-vty0-4] authentication-mode scheme

[Sysname-ui-vty0-4] quit

# Configure an ISP domain.

[Sysname] domain cams

[Sysname-isp-cams] access-limit enable 10

[Sysname-isp-cams] quit

# Configure a RADIUS scheme.

[Sysname] radius scheme cams

[Sysname-radius-cams] accounting optional

[Sysname-radius-cams] primary authentication 10.110.91.164 1812

[Sysname-radius-cams] key authentication aabbcc

[Sysname-radius-cams] server-type Extended

[Sysname-radius-cams] user-name-format with-domain

[Sysname-radius-cams] quit

# Associate the ISP domain with the RADIUS scheme.

[Sysname] domain cams

[Sysname-isp-cams] scheme radius-scheme cams

A Telnet user logging into the switch by a name in the format of userid @cams belongs to the cams

domain and will be authenticated according to the configuration of the cams domain.

Local Authentication of FTP/Telnet Users