
AAA for Portal Users by a RADIUS Server, Network Requirements – H3C Technologies H3C S7500E Series Switches User Manual


[Switch] public-key local create rsa

[Switch] public-key local create dsa

[Switch] ssh server enable

# Configure the switch to use AAA for SSH users.

[Switch] user-interface vty 0 4

[Switch-ui-vty0-4] authentication-mode scheme

# Configure the user interfaces to support SSH.

[Switch-ui-vty0-4] protocol inbound ssh

[Switch-ui-vty0-4] quit

# Create RADIUS scheme rad.

[Switch] radius scheme rad

# Specify the primary authentication server.

[Switch-radius-rad] primary authentication 10.1.1.1 1812

# Set the shared key for authentication packets to expert.

[Switch-radius-rad] key authentication expert

# Specify the scheme to include the domain names in usernames to be sent to the RADIUS server.

[Switch-radius-rad] user-name-format with-domain

# Specify the service type for the RADIUS server, which must be extended when the RADIUS server runs iMC.

[Switch-radius-rad] server-type extended

[Switch-radius-rad] quit

# Configure the AAA methods for the domain.

[Switch] domain bbb

[Switch-isp-bbb] authentication login radius-scheme rad

[Switch-isp-bbb] authorization login radius-scheme rad

[Switch-isp-bbb] quit

3) Verify the configuration

After the configuration above, the SSH user should be able to use the configured account to access the user interface of the switch and use commands of level 0 through level 3.

# Use the display connection command to view the connection information on the switch.

[Switch] display connection

Index=1 ,Username=hello@bbb

IP=192.168.1.58

IPv6=N/A

Total 1 connection(s) matched.
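An added example, not part of the H3C manual: a small Python audit that parses the commands from the procedure above and checks the settings it depends on (SSH enabled, VTY lines using AAA and SSH only, RADIUS shared key length, domain methods that reference a defined scheme). The function names, the constructed sample text, the assumption that the key is stored as typed, and the 16-character threshold (the length RFC 2865 prefers for a shared secret) are choices of this example.

```python
import re

MIN_KEY_LEN = 16  # RFC 2865 prefers a shared secret of at least 16 octets
# Constructed sample: commands from the procedure above, prompts included.
SAMPLE = """[Switch] ssh server enable
[Switch] user-interface vty 0 4
[Switch-ui-vty0-4] authentication-mode scheme
[Switch-ui-vty0-4] protocol inbound ssh
[Switch-ui-vty0-4] quit
[Switch] radius scheme rad
[Switch-radius-rad] primary authentication 10.1.1.1 1812
[Switch-radius-rad] key authentication expert
[Switch-radius-rad] quit
[Switch] domain bbb
[Switch-isp-bbb] authentication login radius-scheme rad
[Switch-isp-bbb] authorization login radius-scheme rad
"""

def parse(text):  # group commands by the view they were typed in ('' = system view)
    views, current = {"": []}, ""
    for raw in text.splitlines():
        line = re.sub(r"^\[[^\]]+\]\s*", "", raw.strip())  # drop the CLI prompt
        if line == "quit":
            current = ""
        elif re.match(r"(user-interface|radius scheme|domain) \S", line):
            current = line
            views.setdefault(current, [])
        elif line and not line.startswith("#"):
            views[current].append(line)
    return views

def audit(text):  # findings for the SSH/AAA/RADIUS settings this page configures
    views, out = parse(text), []
    if "ssh server enable" not in views[""]:
        out.append("ssh server is not enabled")
    for view, cmds in views.items():
        if view.startswith("user-interface vty"):
            for need in ("authentication-mode scheme", "protocol inbound ssh"):
                if need not in cmds:
                    out.append(f"{view}: missing '{need}'")
        elif view.startswith("radius scheme"):
            key = [c.split()[-1] for c in cmds if c.startswith("key authentication ")]
            if not key or len(key[-1]) < MIN_KEY_LEN:
                out.append(f"{view}: shared key missing or under {MIN_KEY_LEN} characters")
        elif view.startswith("domain "):
            for c in cmds:
                m = re.search(r"login radius-scheme (\S+)", c)
                if m and f"radius scheme {m.group(1)}" not in views:
                    out.append(f"{view}: radius scheme {m.group(1)} is not defined")
    return out
```

Run against the manual's own commands, `audit(SAMPLE)` reports only the shared key: `expert` is a documentation value, and a deployment should set a long random secret on both the switch and the RADIUS server.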

AAA for Portal Users by a RADIUS Server

Network requirements

As shown in Figure 3-6,

• A host is directly connected to a switch, and the switch is configured with direct portal authentication. The host is assigned a public network IP address manually or automatically by a DHCP server. Before passing portal authentication, users using the host can access only the portal server. After passing portal authentication, the host can access the Internet.

• A RADIUS server functions as the authentication/accounting server and the portal server as well.