Operation Manual – AAA & RADIUS & HWTACACSH3C S3610&S5510 Series Ethernet SwitchesChapter 1 AAA & RADIUS & HWTACACS Configuration1-46This method is similar to the remote authentication method described in section 1.7.1The differences are as follows:z You need to change the server IP address in the configuration step "Configure aRADIUS scheme" in section 1.7.1 to 127.0.0.1 and change the UDP port numberfor authentication to 1645.z Enable the local RADIUS server and set the IP address of the network accessserver to 127.0.0.1 and shared key to expert.z Configure local users.1.7.3 TACACS Authentication/Authorization and Accounting of Telnet UsersI. Network requirementsYou are required to configure the switch so that the Telnet users logging in to theTACACS server are authenticated, authorized and accounted. Configure the switch toA TACACS server with IP address 10.110.91.164 is connected to the switch. Thisserver will be used as the AAA server. On the switch, set the shared key that is used toexchange packets with the AAA TACACS server to "expert". Configure the switch tostrip off the domain name in the user name to be sent to the TACACS server.Configure the shared key to “expert” on the TACACS server for exchanging packetswith the switch.II. Networking diagramtelnet userSwitchAuthentication(IP address:10.1InternetServers10.91.164)tFigure 1-9 Remote HWTACACS authentication authorization and accounting of TelneusersIII. Configuration procedure# Enable Telnet server system-view[Sysname] telnet server enable# Configure Telnet users to use AAA scheme