Monday, November 7, 2011

ComWare authentication with Cisco Secure ACS

As I'm writing a presentation on Cisco-HP-3Com interoperability, I realized I forgot to post this config a while ago.

The basic setup: we have 2 Cisco ACS servers acting as RADIUS/TACACS servers for network management purposes. Both the network devices and the VPN service on the ASA cluster authenticate against them. Setting up Cisco and HP ProCurve devices to use RADIUS is almost the same, but Comware differs significantly.

After an afternoon well spent, here's what I've come up with:

local-server nas-ip key 3com
radius scheme system
radius scheme ceu
 server-type standard
 primary authentication
 secondary authentication
 accounting optional
 key authentication XXXXXXX
 user-name-format without-domain
domain local
domain system
 scheme radius-scheme ceu
user-interface aux 0
 authentication-mode scheme
user-interface vty 0 4
 authentication-mode scheme
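
A consistency check for this kind of configuration, added here as an example and not part of the original post: it walks the chain user-interface -> domain -> RADIUS scheme and reports a line that does not use `authentication-mode scheme`, a domain pointing at an undefined scheme, or a referenced scheme with no primary server, secondary server or key. The sample config and its 192.0.2.x addresses are constructed, and the parser assumes sub-commands are indented under their view, as in `display current-configuration` output.

```python
import re

# Constructed sample in the shape of the config above (192.0.2.x = documentation range).
SAMPLE = """\
radius scheme system
radius scheme ceu
 primary authentication 192.0.2.10
 key authentication EXAMPLE-KEY
domain system
 scheme radius-scheme ceu
user-interface aux 0
 authentication-mode scheme
user-interface vty 0 4
 authentication-mode password
"""

def parse_sections(text):
    """Group indented sub-commands under the unindented line that opens their view."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and current is not None:
            sections[current].append(line.strip())
        elif not line[0].isspace():
            current = line.strip()
            sections.setdefault(current, [])
    return sections

def audit(text):
    """Return findings for the chain user-interface -> domain -> radius scheme."""
    sections = parse_sections(text)
    schemes = {h.split()[2]: b for h, b in sections.items() if h.startswith("radius scheme ")}
    findings = []
    for head, body in sections.items():
        if head.startswith("user-interface ") and "authentication-mode scheme" not in body:
            findings.append(f"{head}: login does not use authentication-mode scheme")
        if not head.startswith("domain "):
            continue
        # Every scheme a domain points at must exist and be usable.
        for name in re.findall(r"^scheme radius-scheme (\S+)$", "\n".join(body), re.M):
            if name not in schemes:
                findings.append(f"{head}: radius scheme {name} is not defined")
                continue
            for need in ("primary authentication", "secondary authentication", "key authentication"):
                if not any(c.startswith(need + " ") for c in schemes[name]):
                    findings.append(f"radius scheme {name}: no '{need}' value")
    return findings
```

For the constructed sample, `audit(SAMPLE)` reports the missing secondary server in scheme `ceu` and the vty lines that still use password authentication.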
