3Com 3.01.01 Switch User Manual


 
288 CHAPTER 9: AAA AND RADIUS OPERATION
In the environment illustrated in the following figure, it is required to achieve
through proper configuration that the RADIUS server authenticates the Telnet
users to be registered.
One RADIUS server (as authentication server) is connected to the switch and the
server IP address is 10.110.91.146. The password for exchanging messages
between the switch and the authentication server is "expert". The switch cuts off
domain name from username and sends the left part to the RADIUS server.
Figure 4 Configuring Remote RADIUS Authentication for Telnet Users
1 Add a Telnet user.
For details about configuring FTP and Telnet users, see “Configuring the User
Interface” on page 11.
2 Configure the remote authentication mode for the Telnet user, in this example, the
scheme mode.
[SW8800-ui-vty0-4]authentication-mode scheme
3 Configure the domain.
[SW8800]domain cams
[SW8800-isp-cams]quit
4 Configure RADIUS scheme.
[SW8800]radius scheme cams
[SW8800-radius-cams]primary authentication 10.110.91.146 1812
[SW8800-radius-cams]key authentication expert
[SW8800-radius-cams]server-type 3com
[SW8800-radius-cams]user-name-format without-domain
5 Configure the association between domain and RADIUS.
[SW8800-radius-cams]quit
[SW8800]domain cams
[SW8800-isp-cams]radius-scheme cams
Configuring FTP/Telnet User Authentication at the Local RADIUS Server
Local RADIUS authentication of Telnet/FTP users is similar to remote RADIUS
authentication. But you should modify the server IP address to 127.0.0.1,
authentication password to 3Com, the UDP port number of the authentication
server to 1645.
Authentication Servers
(IP address: 10.110.91.164)
Internet
Switch
Telnet user