Ii. network diagram, Iii. configuration procedure – H3C Technologies H3C S3100 Series Switches User Manual
Page 341
Operation Manual – AAA – RADIUS – HWTACACS
H3C S3100-52P Ethernet Switch
Chapter 1 AAA & RADIUS & HWTACACS
Configuration
1-42
The Telnet user names added to the RADIUS server must be in the format of
userid
@isp-name if you have configured the switch to include domain names in the
user names to be sent to the RADIUS server in the RADIUS scheme.
II. Network diagram
Authentic
IP addres
ation Server
s: 10.110.91.164
Internet
Sw itch
Telnet user
Internet
Authentic
IP addres
ation Server
s: 10.110.91.164
Internet
Sw itch
Authentic
IP addres
ation server
s: 10.110.91.164
Internet
Sw itch
Telnet user
Internet
Authentic
IP addres
ation Server
s: 10.110.91.164
Internet
Sw itch
Authentic
IP addres
ation Server
s: 10.110.91.164
Internet
Sw itch
Telnet user
Internet
Authentic
IP addres
ation Server
s: 10.110.91.164
Internet
Sw itch
Authentic
IP addres
ation server
s: 10.110.91.164
Internet
Sw itch
Telnet user
Internet
Figure 1-7
Remote RADIUS authentication of Telnet users
III. Configuration procedure
# Enter system view.
[H3C]
# Adopt AAA authentication for Telnet users.
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] authentication-mode scheme
[H3C-ui-vty0-4] quit
# Configure an ISP domain.
[H3C] domain cams
[H3C-isp-cams] access-limit enable 10
[H3C-isp-cams] quit
# Configure a RADIUS scheme.
[H3C] radius scheme cams
[H3C-radius-cams] accounting optional
[H3C-radius-cams] primary authentication 10.110.91.164 1812
[H3C-radius-cams] key authentication expert
[H3C-radius-cams] server-type Extended
[H3C-radius-cams] user-name-format with-domain
[H3C-radius-cams] quit
# Associate the ISP domain with the RADIUS scheme.