3Com 8807 User Guide

CHAPTER 26: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION

# Associate the domain with RADIUS.
[3Com-radius-cams] quit
[SW8800] domain cams
[3Com-isp-cams] radius-scheme cams

Configuring Authentication at Local RADIUS Authentication Server
Local RADIUS authentication of Telnet/FTP users is similar to the remote RADIUS authentication described in section “Configuring Authentication at Remote RADIUS Server”. However, in Figure 63 of that section, change the server IP address to 127.0.0.1, the authentication password to 3Com, and the UDP port number of the authentication server to 1645.

For details about local RADIUS authentication of Telnet/FTP users, refer to the section “Setting the Port State of RADIUS Client”.

Configuring Authentication at Remote TACACS Server
Network requirements
Configure the switch to use a TACACS server to provide authentication and authorization services to login users (see the following figure).

Connect the switch to one TACACS server (which acts as an AAA server) with the IP address 10.110.91.164. On the switch, set the shared key for AAA packet encryption to "expert". Configure the switch to send usernames to the TACACS server with the isp-name removed.

On the TACACS server, set the shared key for encrypting the packets exchanged with the switch to "expert".
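
An added example (not from the 3Com guide) of why the shared key "expert" must be identical on the switch and the server, and what sending the username with the isp-name removed looks like. It assumes the standard TACACS+ body obfuscation from RFC 8907, since the guide does not describe the wire format; the login name, port name, session ID and the mismatched key are constructed sample values.

```python
import hashlib
import struct

SHARED_KEY = b"expert"        # key from the page; must match on switch and server
SESSION_ID = 0x1A2B3C4D       # constructed sample value
VERSION, SEQ_NO = 0xC0, 1     # TACACS+ major version 12, minor 0; first packet


def strip_isp_name(login: str) -> str:
    """Drop '@isp-name' so only the bare username goes to the server."""
    return login.split("@", 1)[0]


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, n: int) -> bytes:
    """RFC 8907 pad: MD5_1 = MD5(sid|key|ver|seq), MD5_i = MD5(sid|key|ver|seq|MD5_{i-1})."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < n:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:n]


def xor_body(body: bytes, key: bytes) -> bytes:
    """Obfuscate or recover a packet body (XOR with the pad is its own inverse)."""
    pad = pseudo_pad(SESSION_ID, key, VERSION, SEQ_NO, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def authen_start_body(user: str, port: str) -> bytes:
    """Authentication START body: action, priv_lvl, type, service, four lengths, fields."""
    u, p = user.encode(), port.encode()
    return bytes([1, 1, 1, 1, len(u), len(p), 0, 0]) + u + p


def parse_start_body(body: bytes):
    """Return (user, port), or None when the length fields do not add up (wrong key)."""
    if len(body) < 8 or 8 + sum(body[4:8]) != len(body):
        return None
    ulen, plen = body[4], body[5]
    return body[8:8 + ulen].decode("latin-1"), body[8 + ulen:8 + ulen + plen].decode("latin-1")


if __name__ == "__main__":
    body = authen_start_body(strip_isp_name("user1@example-isp"), "vty0")
    wire = xor_body(body, SHARED_KEY)
    print("server with matching key:", parse_start_body(xor_body(wire, SHARED_KEY)))
    print("server with other key:   ", parse_start_body(xor_body(wire, b"Expert")))
```

The pad depends only on the session ID, key, version and sequence number, so the protection of the body rests entirely on the secrecy and strength of the shared key.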
Network diagram
Figure 64   Network diagram for TACACS authentication
Configuration procedure
# Configure the Telnet user.
This configuration is omitted here.
[Figure 64 labels: Authentication Servers (IP address: 10.110.91.164), Internet, Switch, Telnet user]