2-23[Sysname-ui-vty0-4] quit# Create and configure a local user named telnet.[Sysname] local-user telnet[Sysname-luser-telnet] service-type telnet[Sysname-luser-telnet] password simple aabbcc[Sysname-luser-telnet] quit# Configure an authentication scheme for the default “system” domain.[Sysname] domain system[Sysname-isp-system] scheme localA Telnet user logging into the switch with the name telnet@system belongs to the "system" domain andwill be authenticated according to the configuration of the "system" domain.Method 2: using local RADIUS serverThis method is similar to the remote authentication method described in Remote RADIUSAuthentication of Telnet/SSH Users. However, you need to:z Change the server IP address, and the UDP port number of the authentication server to 127.0.0.1,and 1645 respectively in the configuration step "Configure a RADIUS scheme" in Remote RADIUSAuthentication of Telnet/SSH Users.z Enable the local RADIUS server function, set the IP address and shared key for the networkaccess server to 127.0.0.1 and aabbcc, respectively.z Configure local users.Troubleshooting AAATroubleshooting RADIUS ConfigurationThe RADIUS protocol operates at the application layer in the TCP/IP protocol suite. This protocolprescribes how the switch and the RADIUS server of the ISP exchange user information with eachother.Symptom 1: User authentication/authorization always fails.Possible reasons and solutions:z The username is not in the userid@isp-name or userid.isp-name format, or the default ISP domainis not correctly specified on the switch — Use the correct username format, or set a default ISPdomain on the switch.z The user is not configured in the database of the RADIUS server — Check the database of theRADIUS server, make sure that the configuration information about the user exists.z The user input an incorrect password — Be sure to input the correct password.z The switch and the RADIUS server have different shared keys — Compare the shared keys at thetwo ends, make sure they are identical.z The switch cannot communicate with the RADIUS server (you can determine by pinging theRADIUS server from the switch) — Take measures to make the switch communicate with theRADIUS server normally.Symptom 2: RADIUS packets cannot be sent to the RADIUS server.Possible reasons and solutions:z The communication links (physical/link layer) between the switch and the RADIUS server isdisconnected/blocked — Take measures to make the links connected/unblocked.