7 aaa & radius & hwtacacs configuration example, 1 remote radius authentication of telnet/ssh users, I. network requirements – H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – AAA – RADIUS – HWTACACS

H3C S3100-52P Ethernet Switch

Chapter 1 AAA & RADIUS & HWTACACS

Configuration

1-41

Operation

Command

Description

Clear HWTACACS

message statistics

reset hwtacacs
statistics

{ accounting |

authentication

|

authorization

| all }

Delete buffered

non-response

stop-accounting requests

reset
stop-accounting-buffer

{

hwtacacs-scheme

hwtacacs-scheme-name

|

session-id

session-id |

time-range

start-time

stop-time

| user-name

user-name

}

You can execute the
reset

command in user

view.

1.7 AAA & RADIUS & HWTACACS Configuration Example

1.7.1 Remote RADIUS Authentication of Telnet/SSH Users

Note:

The configuration procedure for remote authentication of SSH users by RADIUS server
is similar to that for Telnet users. The following text only takes Telnet users as example
to describe the configuration procedure for remote authentication.

I. Network requirements

In the network environment shown in Figure 1-7, you are required to configure the
switch so that the Telnet users logging into the switch are authenticated by the RADIUS
server.

z

A RADIUS server with IP address 10.110.91.164 is connected to the switch. This
server will be used as the authentication server.

z

On the switch, set the shared key it uses to exchange messages with the
authentication RADIUS server to "expert".

You can use a CAMS server as the RADIUS server. You can select standard or
extended as the server-type in a RADIUS scheme.
On the RADIUS server:

z

Set the shared key it uses to exchange messages with the switch to "expert".

z

Set the authentication port number.

z

Add Telnet user names and login passwords.