Combining a Huawei S2000-HI switch with Cisco ACS for authentication
Case: combined authentication with a Huawei S2000-HI switch and Cisco ACS

I. Networking requirements: a company's internal network is managed centrally, and account and password authentication for all devices is handed to the RADIUS server (ACS).
There are no special requirements for routing between the ACS Server and the switch.
II. Network topology:
Lab devices: Windows 2003 (as the ACS server), a Huawei L2 switch, and one client.

III. Tutorial steps:

1. Install the ACS server (omitted).

2. Import the Huawei private RADIUS attribute into Cisco ACS.

First, write the h3c.ini file. The file content is as follows:

    [User Defined Vendor]
    Name=HuaWei
    IETF Code=2011
    VSA 29=hw_Exec_Privilege
    [hw_Exec_Privilege]
    Type=INTEGER
    Profile=IN OUT
    Enums=hw_Exec_Privilege-Values
    [hw_Exec_Privilege-Values]
    0=Access
    1=Monitor
    2=Manager
    3=Administrator

Note: this file is mainly used to define the values of the private attribute.

Then import the file defined above into ACS. ACS provides a command-line interface for importing private attributes, and this step imports h3c.ini into ACS through that interface. The import process is as follows:
(1) Click the Windows Start menu on the ACS server, enter cmd in Run, and open a command-line window.
(2) Change to the bin directory of ACS. By default, the directory is C:\Program Files\CiscoSecure ACS v4.0\bin
(3) Run the import command, select y, and continue.

3. Configure the ACS server.
Interface Configuration: RADIUS (HuaWei) settings.
Interface Configuration, Advanced Options: check all options.
Network Configuration.
Group settings: check 015 and select Telnet. In the Huawei settings, check the last line and select Administrator.
User settings: add a user. Name: test, password: 123456

4. Configure RADIUS authentication on the Huawei switch:

    radius scheme xxx
     primary authentication 192.1
     key authentication 123456
     accounting optional
     server-type standard
     user-name-format without-domain
     quit
    domain h3c
     radius-scheme xxx
     access-limit enable 10
     accounting authentication radius-scheme xxx
     state active
     quit
    user-interface vty 0 has started commands login password simple 456

5. Client test: log on to the switch from the client (use username test@h3c and password 123456, then use super 3 to escalate privileges). The experiment is successful.
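What the hw_Exec_Privilege definition in h3c.ini amounts to on the wire, as an added example that is not part of the original post: the value travels in a RADIUS Vendor-Specific attribute (type 26, RFC 2865) with vendor ID 2011 and vendor type 29, and the parser reads it back from an attribute block so the granted level can be checked. The function names and the sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26        # RFC 2865 Vendor-Specific attribute type
HUAWEI_VENDOR_ID = 2011     # "IETF Code" in h3c.ini
HW_EXEC_PRIVILEGE = 29      # "VSA 29" in h3c.ini
LEVELS = {0: "Access", 1: "Monitor", 2: "Manager", 3: "Administrator"}


def encode_exec_privilege(level):
    """Build the Vendor-Specific attribute that carries hw_Exec_Privilege."""
    if level not in LEVELS:
        raise ValueError("level must be one of the values enumerated in h3c.ini")
    # Sub-attribute: vendor type, vendor length, 4-byte big-endian INTEGER.
    sub = struct.pack("!BBI", HW_EXEC_PRIVILEGE, 6, level)
    # Outer attribute: type 26, total length, 4-byte vendor ID, then the sub-attribute.
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), HUAWEI_VENDOR_ID) + sub


def iter_attributes(blob):
    """Yield (type, value) pairs from a run of type/length/value attributes."""
    pos = 0
    while pos < len(blob):
        if len(blob) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = blob[pos], blob[pos + 1]
        if alen < 2 or pos + alen > len(blob):
            raise ValueError("attribute length out of range")
        yield atype, blob[pos + 2:pos + alen]
        pos += alen


def granted_privilege(blob):
    """Return the hw_Exec_Privilege name found in an attribute block, or None."""
    for atype, value in iter_attributes(blob):
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        (vendor_id,) = struct.unpack("!I", value[:4])
        if vendor_id != HUAWEI_VENDOR_ID:
            continue
        # Vendor sub-attributes use the same type/length/value layout.
        for vtype, vvalue in iter_attributes(value[4:]):
            if vtype == HW_EXEC_PRIVILEGE and len(vvalue) == 4:
                (level,) = struct.unpack("!I", vvalue)
                return LEVELS.get(level, "unknown (%d)" % level)
    return None


# Constructed sample: Login-Service (attribute 15) = Telnet (0), then privilege level 3.
SAMPLE = struct.pack("!BBI", 15, 6, 0) + encode_exec_privilege(3)
```

Running `granted_privilege` over the attribute section of a captured Access-Accept shows which level a group actually hands out, which is a quick way to confirm that only the intended groups receive Administrator.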
Source http://xjzhujunjie.blog.51cto.com/3582724/805240