46
[Switch-isp-bbb] authentication default hwtacacs-scheme hwtac
[Switch-isp-bbb] authorization default hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting default hwtacacs-scheme hwtac
When Telnetting in to the switch, a user enters username userid@bbb for authentication using domain
bbb.
AAA for Telnet users by separate servers
Network requirements
As shown in Figure 10, configure the switch to provide local authentication, HWTACACS authorization,
and RADIUS accounting services to Telnet users. The user name and the password for Telnet users are
both hello.
• The HWTACACS server is used for authorization. Its IP address is 10.1.1.2. On the switch, set the
shared keys for packets exchanged with the HWTACACS server to expert. Configure the switch to
remove the domain name from a user name before sending the user name to the HWTACACS
server.
• The RADIUS server is used for accounting. Its IP address is 10.1.1.1. On the switch, set the shared
keys for packets exchanged with the RADIUS server to expert.
NOTE:
Confi
uration of separate AAA for other types of users is similar to that
iven in this example. The only
difference is in the access type.
Figure 10 Configure AAA by separate servers for Telnet users
Configuration procedure
# Configure the IP addresses of various interfaces (omitted).
# Enable the Telnet server on the switch.
<Switch> system-view
[Switch] telnet server enable
# Configure the switch to use AAA for Telnet users.
[Switch] user-interface vty 0 15
[Switch-ui-vty0-15] authentication-mode scheme
[Switch-ui-vty0-15] quit
# Configure the HWTACACS scheme.
To Next Page
Loading...
