3Com 8807 User Guide
CHAPTER 26: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION
By default, the IP address of the local RADIUS authentication server group is
127.0.0.1 and the password is 3Com.
When using the local RADIUS server function, note the following:
1 The UDP port number used for authentication/authorization is 1645 and that
for accounting is 1646.
2 The password configured by the local-server command must be the same as the
key for RADIUS authentication/authorization packets configured by the key
authentication command in RADIUS scheme view.
3 Switch 8800 Family series switches serving as local RADIUS authentication
servers currently support only the CHAP and PAP authentication modes; they do
not support the MD5-challenge mode.
Configuring HWTACACS Protocol
The following sections describe HWTACACS configuration tasks.
Pay attention to the following when configuring a TACACS server:
■ The HWTACACS server does not check whether a scheme is being used by users
when you change most HWTACACS attributes, unless you delete the scheme.
■ By default, the TACACS server has no key.
Of the above configuration tasks, creating an HWTACACS scheme and configuring
the TACACS authentication/authorization server are required; all other tasks
are optional and you can perform them as needed.
Creating a HWTACACS Scheme
As mentioned above, the HWTACACS protocol is configured scheme by scheme.
Therefore, you must create a HWTACACS scheme and enter HWTACACS view
before you perform other configuration tasks.
Perform the following configuration in system view.
Table 228 Create/Delete a local RADIUS authentication server

Operation                                      Command
Create a local RADIUS authentication server    local-server nas-ip ip-address key password
Delete a local RADIUS authentication server    undo local-server nas-ip ip-address
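The notes above on the default local RADIUS password, the matching key authentication setting and the keyless TACACS default can be checked against an exported configuration. The following audit script is an added example, not part of the 3Com guide. The saved-configuration layout, the hwtacacs scheme, key authentication and primary authentication lines under it, and all sample addresses and keys are assumptions constructed for illustration. As a simplification, a local-server key passes if it matches the key of any RADIUS scheme.

```python
import re

DEFAULT_KEY = "3Com"  # default local RADIUS password stated in the guide

# Constructed sample; the saved-configuration layout shown is an assumption.
SAMPLE_CONFIG = """\
local-server nas-ip 127.0.0.1 key 3Com
local-server nas-ip 10.1.1.2 key S3cure-Shared
radius scheme hq
 key authentication S3cure-Shared
hwtacacs scheme admin
 primary authentication 10.1.1.9
"""

LOCAL_RE = re.compile(r"^local-server nas-ip (\S+) key (\S+)$")
SCHEME_RE = re.compile(r"^(radius|hwtacacs) scheme (\S+)$")
KEY_RE = re.compile(r"^\s+key authentication (\S+)$")


def parse(config):
    """Return ({nas_ip: key}, {(kind, scheme_name): key or None})."""
    local, schemes, current = {}, {}, None
    for line in config.splitlines():
        if m := SCHEME_RE.match(line):
            current = (m.group(1), m.group(2))
            schemes[current] = None
        elif not line.startswith(" "):
            current = None  # any other unindented line leaves the scheme view
            if m := LOCAL_RE.match(line):
                local[m.group(1)] = m.group(2)
        elif current and (m := KEY_RE.match(line)):
            schemes[current] = m.group(1)
    return local, schemes


def audit(config):
    """Return sorted (subject, finding) pairs for the checks in the notes."""
    local, schemes = parse(config)
    radius_keys = {k for (kind, _), k in schemes.items() if kind == "radius" and k}
    findings = []
    for nas_ip, key in local.items():
        if key == DEFAULT_KEY:
            findings.append((nas_ip, "default key still in use"))
        if key not in radius_keys:
            findings.append((nas_ip, "key matches no radius 'key authentication'"))
    for (kind, name), key in schemes.items():
        if key is None:
            findings.append((f"{kind} scheme {name}", "no authentication key set"))
    return sorted(findings)
```

Calling audit(SAMPLE_CONFIG) reports the 127.0.0.1 entry twice (default key, and no matching RADIUS scheme key) and the HWTACACS scheme once (no key set).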