Technical data

310 CHAPTER 9: AAA AND RADIUS OPERATION

between the switch and the authentication server is "expert". The switch cuts off

domain name from username and sends the left part to the RADIUS server.

Figure 4 Configuring Remote RADIUS Authentication for Telnet Users

1 Add a Telnet user.

For details about configuring FTP and Telnet users, see “Configuring the User

Interface” on page 12.

2 Configure the remote authentication mode for the Telnet user, in this example, the

scheme mode.

[SW7700-ui-vty0-4] authentication-mode scheme

3 Configure the domain.

[SW7700] domain cams

[SW7700-isp-cams] quit

4 Configure RADIUS scheme.

[SW7700] radius scheme cams

[SW7700-radius-cams] primary authentication 10.110.91.146 1812

[SW7700-radius-cams] key authentication expert

[SW7700-radius-cams] server-type 3com

[SW7700-radius-cams] user-name-format without-domain

5 Configure the association between domain and RADIUS.

[SW7700-radius-cams] quit

[SW7700] domain cams

[SW7700-isp-cams] radius-scheme cams

Configuring FTP/Telnet User Authentication at the Local RADIUS Server

Local RADIUS authentication of Telnet/FTP users is similar to remote RADIUS

authentication. But you should modify the server IP address to 127.0.0.1,

authentication password to 3Com, the UDP port number of the authentication

server to 1645.

For details about local RADIUS authentication of Telnet/FTP users, see

“Configuring a Local RADIUS Server Group”on page 308.

Authentication Servers

(IP address: 10.110.91.164)

Internet

Switch

Telnet user