3com 8807 User Guide

CHAPTER 26: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION
By default, the IP address of the local RADIUS authentication server group is 127.0.0.1 and the password is 3Com.

When using the local RADIUS server function, note the following:
- The UDP port number used for authentication/authorization is 1645 and that for accounting is 1646.
- The password configured by the local-server command must be the same as that of the RADIUS authentication/authorization packet configured by the command key authentication in radius scheme view.
- Switch 8800 Family series serving as local RADIUS authentication servers currently only support the CHAP and PAP authentication modes; they do not support the MD5-challenge mode.
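
The two key-related points above (the default password 3Com, and the requirement that the local-server key match key authentication in the RADIUS scheme) can be checked against a saved configuration. The following Python audit is an added example, not part of the 3Com guide; the sample configuration is constructed, and the `radius scheme <name>` line, the file layout, and the premise that every scheme points at the local server are assumptions.

```python
import re

DEFAULT_KEY = "3Com"  # default local RADIUS server password stated in the guide

# Constructed sample configuration (not taken from a real device). The
# "radius scheme <name>" line and the indentation are assumed for illustration,
# and every scheme is assumed to use the local RADIUS server.
SAMPLE_CONFIG = """\
local-server nas-ip 127.0.0.1 key 3Com
local-server nas-ip 10.1.1.1 key S3cure-Shared
radius scheme branch
 key authentication Different-Key
radius scheme hq
 key authentication S3cure-Shared
"""

LOCAL_RE = re.compile(r"^local-server nas-ip (\S+) key (\S+)$")
SCHEME_RE = re.compile(r"^radius scheme (\S+)$")
KEY_RE = re.compile(r"^key authentication (\S+)$")

def audit(config):
    """Return a sorted list of (finding, subject) tuples for the config text."""
    local_keys = {}   # nas-ip -> key from local-server lines
    scheme_keys = {}  # scheme name -> key authentication value
    scheme = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := LOCAL_RE.match(line):
            local_keys[m.group(1)] = m.group(2)
            scheme = None
        elif m := SCHEME_RE.match(line):
            scheme = m.group(1)
        elif (m := KEY_RE.match(line)) and scheme:
            scheme_keys[scheme] = m.group(1)
    findings = []
    for ip, key in local_keys.items():
        if key == DEFAULT_KEY:
            findings.append(("default-key", ip))
    for name, key in scheme_keys.items():
        # The scheme key must equal the key of a local-server entry
        if key not in local_keys.values():
            findings.append(("key-mismatch", name))
    return sorted(findings)

if __name__ == "__main__":
    for finding, subject in audit(SAMPLE_CONFIG):
        print(f"{finding}: {subject}")
```
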
Configuring HWTACACS Protocol
The following sections describe HWTACACS configuration tasks.

Pay attention to the following when configuring a TACACS server:
- The HWTACACS server does not check whether a scheme is being used by users when changing most of the HWTACACS attributes, unless you delete the scheme.
- By default, the TACACS server has no key.

In the above configuration tasks, creating a HWTACACS scheme and configuring the TACACS authentication/authorization server are required; all other tasks are optional and you can determine whether to perform these configurations as needed.
Creating a HWTACACS Scheme
As mentioned above, the HWTACACS protocol is configured scheme by scheme. Therefore, you must create a HWTACACS scheme and enter HWTACACS view before you perform other configuration tasks.

Perform the following configuration in system view.
Table 228   Create/Delete a local RADIUS authentication server

Operation                                      Command
Create a local RADIUS authentication server    local-server nas-ip ip-address key password
Delete a local RADIUS authentication server    undo local-server nas-ip ip-address