1-47
[Switch-ui-vty0-4] protocol inbound ssh
[Switch-ui-vty0-4] quit
# Create RADIUS scheme
rad
.
[Switch] radius scheme rad
# Specify the primary authentication server.
[Switch-radius-rad] primary authentication 10.1.1.1 1812
# Specify the primary accounting server.
[Switch-radius-rad] primary accounting 10.1.1.1 1813
# Set the shared key for authentication packets to
expert
.
[Switch-radius-rad] key authentication expert
# Set the shared key for accounting packets to
expert
.
[Switch-radius-rad] key accounting expert
# Specify that a username sent to the RADIUS server carries the domain name.
[Switch-radius-rad] user-name-format with-domain
# Specify the service type for the RADIUS server, which must be
extended
when the RADIUS server
runs iMC.
[Switch-radius-rad] server-type extended
[Switch-radius-rad] quit
# Configure the AAA methods for the domain.
[Switch] domain bbb
[Switch-isp-bbb] authentication login radius-scheme rad
[Switch-isp-bbb] authorization login radius-scheme rad
[Switch-isp-bbb] accounting login radius-scheme rad
[Switch-isp-bbb] quit
When using SSH to log in, a user enters a username in the form userid@bbb for authentication using
domain
bbb
.
3) Verify the configuration
After the above configuration, the SSH user should be able to use the configured account to access the
user interface of the switch. The commands that the user can access depend on the settings for EXEC
users on the iMC server.
Level Switching Authentication for Telnet Users by an HWTACACS Server
Network requirements
As shown in
Figure 1-14
,
z
Connect the Telnet user to the switch and the switch to the HWTACACS server.
z
Configure the switch to use local authentication for the Telnet user and assign the privilege level of
0 for the user to enjoy after login.
z
Configure the switch to use the HWTACACS server and, if HWTACACS authentication is not
available, use local authentication instead for level switching authenticate of the Telnet user.
Summary of Contents for S7902E
Page 82: ...1 4 DeviceA interface tunnel 1 DeviceA Tunnel1 service loopback group 1 ...
Page 200: ...1 11 DeviceB display vlan dynamic No dynamic vlans exist ...
Page 598: ...ii ...
Page 1757: ...4 9 ...
Page 1770: ...6 4 ...
Page 2017: ...2 11 Figure 2 3 SFTP client interface ...
Page 2238: ...1 16 DeviceA cfd linktrace service instance 1 mep 1001 target mep 4002 ...