3com 8807 사용자 가이드
![3com](https://files.manualsbrain.com/attachments/960452ff43b9899cbcffced60c87abf956e7967a/common/fit/150/50/f6ac125d7af2cf40fec58935fa6d4bf71457a57efe50bee91208a434f325/brand_logo.jpeg)
264
C
HAPTER
26: AAA
AND
RADIUS/HWTACACS P
ROTOCOL
C
ONFIGURATION
# Associate the domain with RADIUS.
[3Com-radius-cams] quit
[SW8800] domain cams
[3Com-isp-cams] radius-scheme cams
Configuring
Authentication at Local
RADIUS Authentication
RADIUS Authentication
Server
Local RADIUS authentication of Telnet/FTP users is similar to the remote RADIUS
authentication described in section “Configuring Authentication at Remote
RADIUS Server” . But you should modify the server IP address in Figure 63 of
section “Configuring Authentication at Remote RADIUS Server” to 127.0.0.1,
authentication password to 3Com, the UDP port number of the authentication
server to 1645.
authentication described in section “Configuring Authentication at Remote
RADIUS Server” . But you should modify the server IP address in Figure 63 of
section “Configuring Authentication at Remote RADIUS Server” to 127.0.0.1,
authentication password to 3Com, the UDP port number of the authentication
server to 1645.
n
For details about local RADIUS authentication of Telnet/FTP users, refer to the
section “Setting the Port State of RADIUS Client” “Setting the Port State of RADIUS
Client”.
section “Setting the Port State of RADIUS Client” “Setting the Port State of RADIUS
Client”.
Configuring
Authentication at
Remote TACACS Server
Network requirements
Configure the switch to use a TACACS server to provide authentication and
authorization services to login users (see the following figure).
authorization services to login users (see the following figure).
Connect the switch to one TACACS server (which acting as a AAA server) with the
IP address 10.110.91.164. On the switch, set the shared key for AAA packet
encryption to "expert". Configure the switch to send usernames to the TACACS
server with isp-name removed.
IP address 10.110.91.164. On the switch, set the shared key for AAA packet
encryption to "expert". Configure the switch to send usernames to the TACACS
server with isp-name removed.
On the TACACS server, set the shared key for encrypting the packets exchanged
with the switch to "expert" .
with the switch to "expert" .
Network diagram
Figure 64 Network diagram for TACACS authentication
Configuration procedure
# Configure the Telnet user.
Here it is omitted.
Authentication Servers
( IP address:10.110.91.164 )
Internet
Switch
telnet user
Internet