H3C LS-3100-52P-OVS-H3 Operation Manual - page 1341
1-38
[Switch-isp-bbb] quit
# Configure the default AAA methods for all types of users.
[Switch] domain bbb
[Switch-isp-bbb] authentication default local
[Switch-isp-bbb] authorization default hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting default radius-scheme cams
When telneting into the switch, a user enters username telnet@bbb for authentication using domain
bbb.
AAA for SSH Users by a RADIUS Server
Network requirements
As shown in
Figure 1-9
, configure the switch to use the RADIUS server to provide authentication,
authorization, and accounting services to SSH users.
z
The RADIUS server is responsible for both authentication and accounting. Its IP address is
10.1.1.1.
z
On the switch, set both the shared keys for authentication and accounting packets to expert; and
specify that the usernames sent to the RADIUS server carry the domain name.
z
The RADIUS server runs the CAMS server.
Figure 1-9 Configure AAA for SSH users by a RADIUS server
Internet
Switch
SSH user
RADIUS server
10.1.1.1/24
Vlan-int2
192.168.1.70/24
Configuration procedure
1) Configure the RADIUS server.
This example assumes that the RADIUS server runs the CAMS server Version 2.10.
# Add an access device.
Log into the CAMS management platform and select System Management > System Configuration
from the navigation tree. In the System Configuration window, click Modify of the Access Device
item, and then click Add to enter the Add Access Device window and perform the following
configurations: