[Switch-hwtacacs-hwtac] user-name-format without-domain
[Switch-hwtacacs-hwtac] quit
# Configure the RADIUS scheme.
[Switch] radius scheme rd
[Switch-radius-rd] primary accounting 10.1.1.1 1813
[Switch-radius-rd] key accounting expert
[Switch-radius-rd] server-type extended
[Switch-radius-rd] user-name-format without-domain
[Switch-radius-rd] quit
# Create a local user named hello.
[Switch] local-user hello
[Switch-luser-hello] service-type telnet
[Switch-luser-hello] password simple hello
[Switch-luser-hello] quit
# Configure the AAA methods for the ISP domain.
[Switch] domain bbb
[Switch-isp-bbb] authentication login local
[Switch-isp-bbb] authorization login hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting login radius-scheme rd
[Switch-isp-bbb] quit
# Configure the default AAA methods for all types of users.
[Switch] domain bbb
[Switch-isp-bbb] authentication default local
[Switch-isp-bbb] authorization default hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting default radius-scheme rd
When telnetting into the switch, a user enters username telnet@bbb for authentication using domain bbb.
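
The following Python check is an added example, not part of the original guide: it reads a transcript in the prompt style used above and flags domain AAA methods that name a RADIUS or HWTACACS scheme never created, along with local users configured with password simple or the Telnet service type. The sample transcript is constructed, and the function name and finding labels are hypothetical.

```python
import re

# Constructed sample transcript in the prompt style of the example above.
SAMPLE = """\
[Switch] hwtacacs scheme hwtac
[Switch-hwtacacs-hwtac] quit
[Switch] radius scheme rd
[Switch-radius-rd] primary accounting 10.1.1.1 1813
[Switch-radius-rd] key accounting expert
[Switch-radius-rd] quit
[Switch] local-user hello
[Switch-luser-hello] service-type telnet
[Switch-luser-hello] password simple hello
[Switch-luser-hello] quit
[Switch] domain bbb
[Switch-isp-bbb] authentication login local
[Switch-isp-bbb] authorization login hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting login radius-scheme rd
[Switch-isp-bbb] accounting default radius-scheme imc
"""

PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s+(?P<cmd>.+)$")
DEFINE = re.compile(r"^(radius|hwtacacs) scheme (\S+)$")
REFER = re.compile(r"^(authentication|authorization|accounting) (\S+) (radius|hwtacacs)-scheme (\S+)")

def audit(transcript):
    """Return sorted (line_no, finding, detail) tuples for a config transcript."""
    defined, refs, findings = set(), [], []
    for n, line in enumerate(transcript.splitlines(), 1):
        m = PROMPT.match(line.strip())
        if not m:
            continue
        view, cmd = m.group("view"), m.group("cmd")
        if d := DEFINE.match(cmd):
            defined.add((d.group(1), d.group(2)))      # e.g. ("radius", "rd")
        elif r := REFER.match(cmd):
            refs.append((n, r.group(3), r.group(4)))   # scheme type and name used by a domain
        elif cmd.startswith("password simple "):
            findings.append((n, "plaintext-password", view))
        elif cmd == "service-type telnet":
            findings.append((n, "telnet-service", view))
    # Resolve references only after the whole transcript is read, so order does not matter.
    for n, kind, name in refs:
        if (kind, name) not in defined:
            findings.append((n, "undefined-scheme", f"{kind}:{name}"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
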
AAA for SSH Users by a RADIUS Server
Network requirements
As shown in Figure 1-9, configure the switch to use the RADIUS server to provide authentication, authorization, and accounting services to SSH users.
• Configure an iMC server to act as the RADIUS server to provide authentication, authorization, and accounting services for SSH users. The IP address of the RADIUS server is 10.1.1.1/24.
• Set both the shared keys for authentication and accounting packets exchanged with the RADIUS server to expert; and specify that a username sent to the RADIUS server carries the domain name. The RADIUS server provides different user services according to the domain names.