AAA, RADIUS, and HWTACACS Protocol Configuration Examples 239
Figure 58 Configuring Remote RADIUS Authentication for Telnet Users
1 Add a Telnet user.
For details about configuring FTP and Telnet users, see “Configuring the User
Interface” on page 20.
2 Configure the remote authentication mode for the Telnet user, in this example, the
scheme mode.
[SW7750-ui-vty0-4]authentication-mode scheme
3 Configure the domain.
[SW7750]domain cams
[SW7750-isp-cams]quit
4 Configure RADIUS scheme.
[SW7750]radius scheme cams
[SW7750-radius-cams]primary authentication 10.110.91.146 1812
[SW7750-radius-cams]key authentication expert
[SW7750-radius-cams]server-type 3com
[SW7750-radius-cams]user-name-format without-domain
5 Configure the association between domain and RADIUS.
[SW7750-radius-cams]quit
[SW7750]domain cams
[SW7750-isp-cams]radius-scheme cams
Configuring FTP/Telnet
User Authentication at
the Local RADIUS Server
Local RADIUS authentication of Telnet/FTP users is similar to remote RADIUS
authentication. But you should modify the server IP address to 127.0.0.1,
authentication password to 3Com, the UDP port number of the authentication
server to 1645.
For details about local RADIUS authentication of Telnet/FTP users, see
“Configuring a Local RADIUS Server Group”on page 228.
Configuring the
FTP/Telnet User
Authentication at a
Remote TACACS Server
Configure the switch to use a TACACS server to provide AAA services to login
users (see the following figure).
Connect the switch to one TACACS server (providing the services of
authentication and authorization) with the IP address 10.110.91.164. On the
Authentication Servers
(IP address: 10.110.91.164)
Internet
Switch
Telnet user