3Com 10014298 Switch User Manual


 
240 CHAPTER 9: AAA AND RADIUS OPERATION
switch, set the shared key for AAA packet encryption to expert. Configure the
switch to send usernames to the TACACS server with isp-name removed.
On the TACACS server, set the shared key for encrypting the packets exchanged
with the switch to expert; add the usernames and passwords of users:
1 Configure a HWTACACS scheme.
[Quidway]hwtacacs scheme hwtac
[Quidway-hwtacacs-hwtac]primary authentication 10.110.91.164 1812
[Quidway-hwtacacs-hwtac]primary authorization 10.110.91.164 1813
[Quidway-hwtacacs-hwtac]key authentication expert
[Quidway-hwtacacs-hwtac]key authorization expert
[Quidway-hwtacacs-hwtac]undo user-name-format with-domain
[Quidway-hwtacacs-hwtac]quit
2 Associate the domain with the HWTACACS.
[Quidway]domain hwtacacs
[Quidway-isp-hwtacacs]scheme hwtacacs-scheme hwtac
Dynamic VLAN with RADIUS Server Configuration Example
The RADIUS server (Windows IAS in this example) delivers the string VLAN ID test,
which corresponds to the name of VLAN 100 on the switch. The switch can add
the port to VLAN 100 when the server delivers test.
1 Specify RADIUS scheme
[Quidway]radius scheme ias
[Quidway-radius-ias]primary authentication 10.11.1.1
[Quidway-radius-ias]primary accounting 10.11.1.2
[Quidway-radius-ias]key authentication hello
[Quidway-radius-ias]key accounting hello
[Quidway-radius-ias]quit
2 Create ISP domain
[Quidway]domain ias
[Quidway-isp-ias]scheme radius-scheme ias
3 Configure VLAN delivery mode as string
[Quidway-isp-ias]vlan-assignment-mode string
[Quidway-isp-ias]quit
4 Create a VLAN and specify its name.
Create a VLAN.
[Quidway]vlan 100
Configure name of the delivered VLAN.
[Quidway-vlan100]name test
5 On the Windows IAS server, set the VLAN delivery mode to string and the
name of the delivered VLAN to test.
For the string delivery mode, the VLAN to be delivered must already exist on
the switch. That is, you must have created the VLAN and configured a name for it
on the switch. There is no such restriction for the integer mode.
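The following is an added example, not part of the 3Com manual: a pre-deployment check that reads a transcript of the commands above and reports which VLAN a server-delivered value would map to. It models only the rule stated in this section; the function names and the second delivered value (guest) are assumptions made for illustration.

```python
import re

# Constructed input: the switch commands from steps 1-4 above.
SAMPLE = """\
[Quidway]radius scheme ias
[Quidway-radius-ias]primary authentication 10.11.1.1
[Quidway-radius-ias]quit
[Quidway]domain ias
[Quidway-isp-ias]scheme radius-scheme ias
[Quidway-isp-ias]vlan-assignment-mode string
[Quidway-isp-ias]quit
[Quidway]vlan 100
[Quidway-vlan100]name test
"""

# "[Quidway-<view>]<command>": the prompt carries the current view.
PROMPT = re.compile(r"^\[Quidway(?:-([^\]]+))?\]\s*(.*)$")

def parse(transcript):
    """Return ({vlan_id: name or None}, {isp_domain: assignment mode})."""
    vlans, modes = {}, {}
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        view, cmd = m.group(1) or "", m.group(2).split()
        if len(cmd) != 2:
            continue
        if view == "" and cmd[0] == "vlan" and cmd[1].isdigit():
            vlans.setdefault(int(cmd[1]), None)
        elif re.fullmatch(r"vlan\d+", view) and cmd[0] == "name":
            vlans[int(view[4:])] = cmd[1]
        elif view.startswith("isp-") and cmd[0] == "vlan-assignment-mode":
            modes[view[4:]] = cmd[1]
    return vlans, modes

def resolve(delivered, domain, vlans, modes):
    """VLAN ID a port would join for a server-delivered value, else None."""
    mode = modes.get(domain)
    if mode == "string":
        # String mode: value must equal the name of a VLAN already created.
        return next((v for v, n in vlans.items() if n == delivered), None)
    if mode == "integer" and delivered.isdigit():
        # Integer mode: the manual states no existing-VLAN restriction.
        return int(delivered)
    return None  # mode not configured in the transcript, or bad value

if __name__ == "__main__":
    vlans, modes = parse(SAMPLE)
    for value in ("test", "guest"):
        print(value, "->", resolve(value, "ias", vlans, modes))
```

A None result in string mode means the name configured on the RADIUS server has no matching named VLAN on the switch, which is the mismatch to catch before users authenticate.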