Aaa configuration examples, Aaa for telnet users by separate servers, Network requirements – H3C Technologies H3C S5120 Series Switches User Manual

1-28

AAA Configuration Examples

AAA for Telnet Users by Separate Servers

Network requirements

As shown in

Figure 1-6

, configure the switch to provide local authentication, local authorization, and

RADIUS accounting services to Telnet users. The user name and the password for Telnet users are

both hello. The RADIUS server is used for accounting. Its IP address is 10.1.1.1. On the switch, set the

shared keys for packets exchanged with the RADIUS server to expert.

Configuration of separate AAA for other types of users is similar to that given in this example. The only

difference lies in the access type.

Figure 1-6 Configure AAA by separate servers for Telnet users

Configuration procedure

# Configure the IP addresses of various interfaces (omitted).

# Enable the Telnet server on the switch.

system-view

[Switch] telnet server enable

# Configure the switch to use AAA for Telnet users.

[Switch] user-interface vty 0 4

[Switch-ui-vty0-4] authentication-mode scheme

[Switch-ui-vty0-4] quit

# Configure the RADIUS scheme.

[Switch] radius scheme rd

[Switch-radius-rd] primary accounting 10.1.1.1 1813

[Switch-radius-rd] key accounting expert

[Switch-radius-rd] server-type extended

[Switch-radius-rd] user-name-format without-domain