3Com Switch 8800 Configuration GuideChapter 40 AAA and RADIUS/TACACS+ Protocol Configuration40-3340.6.2 Configuring Authentication at Local RADIUS Authentication ServerLocal RADIUS authentication of Telnet/FTP users is similar to the remote RADIUSauthentication described in section 40.6.1 . But you should modify the server IPaddress in Figure 40-4 of section 40.6.1 to 127.0.0.1, authentication password to3Com, the UDP port number of the authentication server to 1645.Note:For details about local RADIUS authentication of Telnet/FTP users, refer to “40.3.15Creating/Deleting a Local RADIUS authentication Server”.40.6.3 Configuring Authentication at Remote TACACS ServerI. Network requirementsConfigure the switch to use a TACACS server to provide authentication andauthorization services to login users (see the following figure).Connect the switch to one TACACS server (which acting as a AAA server) with the IPaddress 10.110.91.164. On the switch, set the shared key for AAA packet encryption to“expert”. Configure the switch to send usernames to the TACACS server with isp-nameremoved.On the TACACS server, set the shared key for encrypting the packets exchanged withthe switch to “expert” .II. Network diagramAuthentication Servers( IP address:10.110.91.164 )InternetSwitchtelnet userInternetFigure 40-5 Network diagram for TACACS authentication