# Specify the primary authentication server.
[Switch-hwtacacs-hwtac] primary authentication 10.1.1.1 49
# Specify the primary authorization server.
[Switch-hwtacacs-hwtac] primary authorization 10.1.1.1 49
# Specify the primary accounting server.
[Switch-hwtacacs-hwtac] primary accounting 10.1.1.1 49
# Set the shared key for authentication, authorization, and accounting packets to expert.
[Switch-hwtacacs-hwtac] key authentication expert
[Switch-hwtacacs-hwtac] key authorization expert
[Switch-hwtacacs-hwtac] key accounting expert
# Configure the scheme to remove the domain names in usernames before sending usernames to the HWTACACS server.
[Switch-hwtacacs-hwtac] user-name-format without-domain
[Switch-hwtacacs-hwtac] quit
# Configure the AAA methods for the domain, or set default AAA methods for all types of users in the domain.
[Switch] domain bbb
[Switch-isp-bbb] authentication login hwtacacs-scheme hwtac
[Switch-isp-bbb] authorization login hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting login hwtacacs-scheme hwtac
[Switch-isp-bbb] quit
Or
[Switch] domain bbb
[Switch-isp-bbb] authentication default hwtacacs-scheme hwtac
[Switch-isp-bbb] authorization default hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting default hwtacacs-scheme hwtac
When telnetting to the switch, a user enters username userid@bbb for authentication using domain bbb.
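The following check is an added example, not part of the original guide or of any H3C tooling: it reads a transcript in the form shown above and reports any AAA service that a domain hands to an HWTACACS scheme for which the scheme has no primary server or no shared key. The function names and the transcript-parsing approach are assumptions made for illustration; when a domain carries both login and default methods for a service, the later line wins.

```python
import re

SERVICES = ("authentication", "authorization", "accounting")

# Constructed input: the scheme and domain lines from the example above.
TRANSCRIPT = """\
[Switch-hwtacacs-hwtac] primary authentication 10.1.1.1 49
[Switch-hwtacacs-hwtac] primary authorization 10.1.1.1 49
[Switch-hwtacacs-hwtac] primary accounting 10.1.1.1 49
[Switch-hwtacacs-hwtac] key authentication expert
[Switch-hwtacacs-hwtac] key authorization expert
[Switch-hwtacacs-hwtac] key accounting expert
[Switch-hwtacacs-hwtac] user-name-format without-domain
[Switch-isp-bbb] authentication login hwtacacs-scheme hwtac
[Switch-isp-bbb] authorization login hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting login hwtacacs-scheme hwtac
"""

# The view prompt carries the scheme name (-hwtacacs-NAME) or domain name (-isp-NAME).
LINE = re.compile(r"^\[\S+?-(hwtacacs|isp)-(\S+)\]\s+(.*)$")

def parse(transcript):
    """Return (schemes, domains) built from view prompts and commands."""
    schemes, domains = {}, {}
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # comment lines, system-view commands, "Or"
        view, name, words = m.group(1), m.group(2), m.group(3).split()
        if (view == "hwtacacs" and len(words) >= 3
                and words[0] in ("primary", "key") and words[1] in SERVICES):
            scheme = schemes.setdefault(name, {"primary": {}, "key": {}})
            scheme[words[0]][words[1]] = words[2]
        elif (view == "isp" and len(words) == 4
                and words[0] in SERVICES and words[2] == "hwtacacs-scheme"):
            domains.setdefault(name, {})[words[0]] = words[3]
    return schemes, domains

def audit(transcript):
    """List services a domain sends to a scheme lacking a server or key for them."""
    schemes, domains = parse(transcript)
    findings = []
    for domain, methods in domains.items():
        for service, scheme in methods.items():
            cfg = schemes.get(scheme, {"primary": {}, "key": {}})
            for item in ("primary", "key"):
                if service not in cfg[item]:
                    findings.append(f"domain {domain}: {service} uses scheme "
                                    f"{scheme} with no {item} {service}")
    return findings
```

Running audit on the transcript as configured above returns an empty list.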
AAA for Telnet users by separate servers
Network requirements
As shown in Figure 11, configure the switch to provide local authentication, HWTACACS authorization,
and RADIUS accounting services for Telnet users. The username and the password for Telnet users are
both hello.
Set the shared keys for packets exchanged with the HWTACACS server and the RADIUS server to expert.
Configure the switch to remove the domain names in usernames before sending usernames to the servers.
NOTE:
Configuration of separate AAA for other types of users is similar to that given in this example. The only
difference is in the access type.