Displaying and maintaining AAA
Task: Display the configuration information of ISP domains
Command: display domain [ isp-name ] [ | { begin | exclude | include } regular-expression ]

Task: Display information about user connections
Command: display connection [ access-type { dot1x | mac-authentication | portal } | domain isp-name | interface interface-type interface-number | ip ip-address | mac mac-address | ucibindex ucib-index | user-name user-name | vlan vlan-id ] [ slot slot-number ] [ | { begin | exclude | include } regular-expression ]
AAA configuration examples
AAA for Telnet users by an HWTACACS server
Network requirements
As shown in Figure 10, configure the switch to use the HWTACACS server to provide authentication,
authorization, and accounting services for Telnet users. Set the shared keys for authentication,
authorization, and accounting packets exchanged with the HWTACACS server to expert. Specify that the
switch remove the domain names in usernames before sending usernames to the HWTACACS server.
Figure 10 Configure AAA for Telnet users by an HWTACACS server
[Network diagram labels: Telnet user, Internet, Switch, Authentication/Accounting server 10.1.1.1/24]
Configuration procedure
# Configure the IP addresses of the interfaces (omitted).
# Enable the Telnet server on the switch.
<Switch> system-view
[Switch] telnet server enable
# Configure the switch to use AAA for Telnet users.
[Switch] user-interface vty 0 4
[Switch-ui-vty0-4] authentication-mode scheme
[Switch-ui-vty0-4] quit
# Create HWTACACS scheme hwtac.
[Switch] hwtacacs scheme hwtac