Network requirements, Configuration procedure – H3C Technologies H3C S7500E Series Switches User Manual

3-4

[Switch-isp-bbb] authorization default hwtacacs-scheme hwtac

[Switch-isp-bbb] accounting default radius-scheme rd

When telnetting in to the switch, a user enters username telnet@bbb for authentication using domain

bbb.

Authentication/Authorization for SSH/Telnet Users by a RADIUS Server

The configuration of authentication and authorization for SSH users is similar to that for Telnet users.

The following takes SSH users as an example.

Network requirements

As shown in

Figure 3-3

,

z

Configure an iMC server to act as the RADIUS server to provide authentication and authorization

services for SSH users. The IP address of the RADIUS server is 10.1.1.1/24.

z

Set both the shared keys for packets exchanged with the RADIUS server to expert; and specify

that a username sent to the RADIUS server carries the domain name. The RADIUS server

provides different user services according to the domain names.

z

Add an account on the RADIUS server, with the username being hello@bbb. The SSH user uses

the username and the configured password to log in to the switch and is authorized with the

privilege level of 3 after login.

Figure 3-3 Configure authentication/authorization for SSH users by a RADIUS server

Internet

Switch

SSH user

RADIUS server

10.1.1.1/24

Vlan-int2

192.168.1.70/24

Vlan-int3
10.1.1.2/24

Configuration procedure

1) Configure the RADIUS server

When the RADIUS server runs iMC: