No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Typical Configuration Examples

CloudEngine 12800, 12800E, 8800, 7800, 6800, and 5800 Series Switches

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Logging In to the Device Through Telnet Based on RADIUS Authentication

Logging In to the Device Through Telnet Based on RADIUS Authentication

Applicable Products and Versions

This example applies to the CE12800/CE6800/CE5800 V100R001C00 or later, the CE7800 V100R003C00 or later, and the CE8800 V100R006C00 or later..

This example applies to the CE12800E V200R002C50 or later.

Networking Requirements

The network administrator requires remote management and maintenance on the device and high network security for preventing the network from unauthorized access. In this scenario, Telnet login based on RADIUS authentication can be configured to meet user requirements.

As shown in Figure 2-16, Switch and the RADIUS server have reachable routes to each other. The IP address and port number of the RADIUS server are and 1812 respectively.

Figure 2-16 Networking diagram of logging in to the device through Telnet based on RADIUS authentication.


When configuring Telnet login based on RADIUS authentication, pay attention to the following:

  • Ensure that the RADIUS server IP address, port number, and shared key in the RADIUS server group are configured correctly and are the same as those on the RADIUS server.
  • Ensure that at least one user has been configured on the RADIUS server. In this example, the user name is admin and the password is huawei@123.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure the RADIUS protocol to implement RADIUS authentication.
  2. Log in to the device through Telnet using the correct user name and password configured on the RADIUS server, ensuring login security.


  1. Configure RADIUS authentication.

    1. Configure a RADIUS server group.

      <HUAWEI> system-view
      [~HUAWEI] sysname Switch
      [*HUAWEI] commit
      [~Switch] radius enable   // Enable the RADIUS protocol.
      [*Switch] radius server group shiva   // Create a RADIUS server group.
      [*Switch-radius-shiva] radius server authentication 1812   // Configure the IP address and port number for the RADIUS server.
      [*Switch-radius-shiva] radius server shared-key-cipher hello   // Configure the shared key for the RADIUS server.
      [*Switch-radius-shiva] radius server retransmit 2   // Set the number of retransmission times to 2.
      [*Switch-radius-shiva] quit
    2. Create an AAA scheme auth and set the authentication method to RADIUS.

      [*Switch] aaa
      [*Switch-aaa] authentication-scheme auth   // Create an authentication scheme.
      [*Switch-aaa-authen-auth] authentication-mode radius   // Set the authentication mode to RADIUS.
      [*Switch-aaa-authen-auth] quit
    3. Create the domain admin123 and bind the AAA scheme auth and RADIUS server group shiva to the domain.

      [*Switch-aaa] domain admin123   // Create a domain.
      [*Switch-aaa-domain-admin123] authentication-scheme auth   // Configure the authentication scheme for the domain.
      [*Switch-aaa-domain-admin123] radius server group shiva   // Configure the RADIUS server group for the domain.
      [*Switch-aaa-domain-admin123] quit
      [*Switch-aaa] quit
      [*Switch] commit

  2. Configure Telnet login.

    [~Switch] undo telnet server disable   // Enable the Telnet server function.
    [*Switch] user-interface vty 0 4   // Enter the user interface views of VTY0 to VTY4.
    [*Switch-ui-vty0-4] authentication-mode aaa   // Set the  authentication mode of users to AAA.
    [*Switch-ui-vty0-4] user privilege level 3   // Set the level of users to 3.
    [*Switch-ui-vty0-4] quit
    [*Switch] commit

Verifying the Configuration

After the preceding configurations are complete, enter the user name admin@admin123 in the format of user name@admin123 and password huawei@123 on the PC for authentication on the domain admin123. The login to Switch succeeds.

Configuration Files

Configuration file of Switch

sysname Switch
radius enable                                                                   
radius server group shiva                                                       
 radius server shared-key-cipher %^%#/<QlUIH(73Bh.=L",g$WA#:UNebO|VaKd7~)`i\=%^%#               
 radius server authentication 1812                                   
 radius server retransmit 2                                                     
 authentication-scheme auth                                                     
  authentication-mode radius                                                    
 domain admin123                                                                
  authentication-scheme auth                                                    
  radius server group shiva                                                     
user-interface vty 0 4                                                          
 authentication-mode aaa                                                        
 user privilege level 3                                                        
Updated: 2019-04-03

Document ID: EDOC1000039339

Views: 117997

Downloads: 7532

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next