Operation Manual – AAA-RADIUS-HWTACACS
H3C S3610&S5510 Series Ethernet Switches
Chapter 1 AAA/RADIUS/HWTACACS Configuration
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Tear down AAA user connections forcibly | cut connection { access-type { dot1x \| mac-authentication } \| all \| domain isp-name \| interface interface-type interface-number \| ip ip-address \| mac mac-address \| ucibindex ucib-index \| user-name user-name \| vlan vlan-id } [ slot slot-number ] | Required. Applies to only LAN access user connections at present. |
1.4 Configuring RADIUS
The RADIUS protocol is configured scheme by scheme. After creating a RADIUS
scheme, you need to configure the IP addresses and UDP ports of the RADIUS servers
for the scheme. The servers include authentication/authorization servers and
accounting servers, or from another point of view, primary servers and secondary
servers. In other words, the attributes of a RADIUS scheme mainly include the IP
addresses of the primary and secondary servers, the shared key, and the RADIUS server type.
The RADIUS protocol configurations only set the parameters necessary for the
information interaction between a NAS and a RADIUS server. For these settings to take
effect, you must reference the RADIUS scheme containing those settings in ISP
domain view. For information about the commands for referencing a scheme, refer to
Configuring AAA.
1.4.1 Creating a RADIUS Scheme
Before performing other RADIUS configurations, follow these steps to create a
RADIUS scheme and enter RADIUS scheme view:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Create a RADIUS scheme and enter RADIUS scheme view | radius scheme radius-scheme-name | Optional. Not defined by default. |
Note:
A RADIUS scheme can be referenced by more than one ISP domain at the same time.
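Because a RADIUS scheme takes effect only when an ISP domain references it, and one scheme may serve several domains, a saved configuration can be checked for schemes that no domain uses and for domains that point at a scheme that was never created. The script below is an added example, not part of this manual; the sample configuration, scheme names and domain names are constructed, and the `primary authentication` and `authentication default radius-scheme` lines are assumed Comware syntax that this page does not show.

```python
import re
from collections import defaultdict

# Constructed sample in the style of a saved switch configuration.
# "primary authentication" and "authentication default radius-scheme" are
# assumed Comware syntax; neither command appears on this page.
SAMPLE_CONFIG = """\
radius scheme rs-campus
 primary authentication 192.0.2.10 1812
radius scheme rs-lab
 primary authentication 192.0.2.20 1812
#
domain staff
 authentication default radius-scheme rs-campus
domain guest
 authentication default radius-scheme rs-campus
domain contractors
 authentication default radius-scheme rs-old
"""

SCHEME_RE = re.compile(r"^radius scheme (\S+)$")    # scheme definition
DOMAIN_RE = re.compile(r"^domain (\S+)$")           # start of an ISP domain view
REF_RE = re.compile(r"\bradius-scheme (\S+)")       # reference inside a domain


def audit_scheme_references(config_text):
    """Return (unreferenced schemes, {domain: undefined scheme}, {scheme: [domains]})."""
    defined, refs = set(), defaultdict(list)
    current_domain = None
    for line in config_text.splitlines():
        line = line.rstrip()
        if m := SCHEME_RE.match(line):
            defined.add(m.group(1))
            current_domain = None
        elif m := DOMAIN_RE.match(line):
            current_domain = m.group(1)
        elif not line.startswith(" "):
            current_domain = None                   # any other top-level line ends the view
        elif current_domain and (m := REF_RE.search(line)):
            if current_domain not in refs[m.group(1)]:
                refs[m.group(1)].append(current_domain)
    unreferenced = sorted(defined - set(refs))      # created, but has no effect
    dangling = {d: s for s, doms in refs.items() if s not in defined for d in doms}
    return unreferenced, dangling, dict(refs)


if __name__ == "__main__":
    unreferenced, dangling, refs = audit_scheme_references(SAMPLE_CONFIG)
    print("Schemes not referenced by any ISP domain:", unreferenced)
    print("Domains referencing an undefined scheme:", dangling)
    print("Scheme to domain map:", refs)
```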
1.4.2 Specifying the RADIUS Authentication/Authorization Servers
Follow these steps to specify the RADIUS authentication/authorization servers: