Monday, November 7, 2011

ComWare authentication with Cisco Secure ACS

As I'm writing a presentation on Cisco-HP-3Com interoperability, I realized I forgot to post this config a while ago.

The basic setup: we have 2 Cisco ACS servers acting as RADIUS/TACACS servers for network management purposes. Both the network devices and the VPN service on the ASA cluster authenticate against them. Setting up Cisco and HP ProCurve to use RADIUS is almost the same, but Comware differs significantly.

After an afternoon well spent, here's what I've come up with:

#
local-server nas-ip 127.0.0.1 key 3com
#
radius scheme system
 nas-ip 127.0.0.1
radius scheme ceu
 server-type standard
 primary authentication 10.0.0.10
 secondary authentication 10.0.0.11
 accounting optional
 key authentication XXXXXXX
 user-name-format without-domain
#
domain local
domain system
 scheme radius-scheme ceu
#
user-interface aux 0
 authentication-mode scheme
user-interface vty 0 4
 authentication-mode scheme
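
The login path in this config runs from each user-interface through the domain to the RADIUS scheme it names. The Python sketch below is an added example, not part of the original post: it parses a saved Comware config and reports any management line that bypasses `authentication-mode scheme`, any domain that points at an undefined RADIUS scheme, and any scheme without a secondary server. The function names and the sample text are assumptions made for illustration.

```python
import re

# Constructed sample: the post's config (key masked), aux line changed to password mode.
SAMPLE = """\
#
radius scheme ceu
 primary authentication 10.0.0.10
 secondary authentication 10.0.0.11
 key authentication XXXXXXX
#
domain system
 scheme radius-scheme ceu
#
user-interface aux 0
 authentication-mode password
user-interface vty 0 4
 authentication-mode scheme
"""

HEADER = re.compile(r"^(radius scheme|domain|user-interface)\s+(.+)$")

def parse(text):
    """Group commands under their section header; indentation is not required."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = sections.setdefault(header.groups(), [])
        elif not line or line == "#":
            current = None
        elif current is not None:
            current.append(line)
    return sections

def audit(text):
    """Return findings about the login path: interface -> domain -> RADIUS scheme."""
    sections, findings = parse(text), []
    schemes = {name: cmds for (kind, name), cmds in sections.items() if kind == "radius scheme"}
    for (kind, name), cmds in sections.items():
        if kind == "user-interface" and "authentication-mode scheme" not in cmds:
            findings.append(f"user-interface {name}: not using authentication-mode scheme")
        refs = re.findall(r"^scheme radius-scheme (\S+)", "\n".join(cmds), re.M) if kind == "domain" else []
        for ref in refs:
            if ref not in schemes:
                findings.append(f"domain {name}: radius scheme {ref} is not defined")
            elif not any(c.startswith("secondary authentication") for c in schemes[ref]):
                findings.append(f"domain {name}: radius scheme {ref} has no secondary server")
    return findings
```

Calling `audit()` on the text of a saved configuration returns a list of findings; an empty list means every checked line authenticates through a defined scheme with two servers.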
