51
# Configure the HWTACACS scheme.
[Switch] hwtacacs scheme hwtac
[Switch-hwtacacs-hwtac] primary authorization 10.1.1.2 49
[Switch-hwtacacs-hwtac] key authorization expert
[Switch-hwtacacs-hwtac] user-name-format without-domain
[Switch-hwtacacs-hwtac] quit
# Configure the RADIUS scheme.
[Switch] radius scheme rd
[Switch-radius-rd] primary accounting 10.1.1.1 1813
[Switch-radius-rd] key accounting expert
[Switch-radius-rd] server-type extended
[Switch-radius-rd] user-name-format without-domain
[Switch-radius-rd] quit
# Create a local user named hello.
[Switch] local-user hello
[Switch-luser-hello] service-type telnet
[Switch-luser-hello] password simple hello
[Switch-luser-hello] quit
# Configure the AAA methods for the ISP domain.
[Switch] domain bbb
[Switch-isp-bbb] authentication login local
[Switch-isp-bbb] authorization login hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting login radius-scheme rd
[Switch-isp-bbb] quit
2. Verify the configuration
Telnet to the switch as a user and enter the username hello@bbb and the correct password. You pass
authentication and log in to the switch. Issuing the display connection command on the switch, you can
see information about the user connection.
Authentication/authorization for SSH/Telnet users by a
RADIUS server
NOTE:
The configuration of authentication and authorization for SSH users is similar to that for Telnet users. The
following takes SSH users as an example.
Network requirements
As shown in Figure 13, configure the switch to use the RADIUS server for SSH user authentication and
authorization, and to include the domain name in a username sent to the RADIUS server.
Configure an iMC server to act as the RADIUS server, add an account with the username hello@bbb on
the RADIUS server, and configure the RADIUS server to assign the privilege level of 3 to the user after the
user passes authentication.
Set the shared keys for secure RADIUS communication to expert.
To Next Page
Loading...
Need help?
General