3com 4200G ユーザーズマニュアル
18
AAA C
ONFIGURATION
G
UIDE
Configuring RADIUS
Authentication for
Telnet Users
Authentication for
Telnet Users
Authentication, Authorization and Accounting (AAA) is a uniform framework used
to configure the three functions for network security management. It can be
implemented by multiple protocols.
to configure the three functions for network security management. It can be
implemented by multiple protocols.
RADIUS configurations are made in RADIUS schemes. When performing RADIUS
configurations, you first create a RADIUS scheme and then specify the IP addresses
and UDP port numbers of the RADIUS servers for the scheme. These RADIUS
servers include the primary and secondary authentication/authorization severs and
accounting servers. In addition, you need to configure the shared key and specify
the RADIUS server type.
configurations, you first create a RADIUS scheme and then specify the IP addresses
and UDP port numbers of the RADIUS servers for the scheme. These RADIUS
servers include the primary and secondary authentication/authorization severs and
accounting servers. In addition, you need to configure the shared key and specify
the RADIUS server type.
In practice, you can configure the above parameters as required. But you should
configure at least one authentication/authorization server and one accounting
server. If no accounting server is needed, you must configure the accounting
optional command. Besides, the RADIUS server port settings on the switch must
be consistent with those on the RADIUS servers.
configure at least one authentication/authorization server and one accounting
server. If no accounting server is needed, you must configure the accounting
optional command. Besides, the RADIUS server port settings on the switch must
be consistent with those on the RADIUS servers.
Network Diagram
Figure 43 Network diagram for configuring RADIUS authentication for Telnet users
Networking and
Configuration
Requirements
As shown in Figure 43, configure the switch so that Telnet users logging into the
switch are authenticated remotely by the RADIUS server.
switch are authenticated remotely by the RADIUS server.
■
A RADIUS authentication server with an IP address of 10.110.91.164 is
connected to the switch.
connected to the switch.
■
On the switch, set the shared key for exchanging messages with the
authentication RADIUS server to aabbcc.
authentication RADIUS server to aabbcc.
■
A CAMS server is used as the RADIUS server. Select extended as the
server-type in the RADIUS scheme.
server-type in the RADIUS scheme.
■
On the RADIUS server, set the shared key for exchanging messages with the
switch to aabbcc, configure the authentication port number, and add Telnet
switch to aabbcc, configure the authentication port number, and add Telnet
Internet
Telnet user
RADIUS server
10 .110 .91 .164 /16