To Next Page

To Previous Page

# Specify the primary authentication server address 10.1.1.1 and the service port 49 in the

scheme.

[Switch-hwtacacs-hwtac] primary authentication 10.1.1.1 49

# Set the shared key to expert in the scheme for the switch to authenticate to the server.

[Switch-hwtacacs-hwtac] key authentication simple expert

# Exclude the ISP domain name from the username sent to the HWTACACS server.

[Switch-hwtacacs-hwtac] user-name-format without-domain

[Switch-hwtacacs-hwtac] quit

# Create ISP domain bbb and enter ISP domain view.

[Switch] domain bbb

# Configure ISP domain bbb to use local authentication for login users.

[Switch-isp-bbb] authentication login local

# Configure ISP domain bbb to use local authorization for login users.

[Switch-isp-bbb] authorization login local

# Apply the HWTACACS scheme hwtac to the ISP domain for user role authentication.

[Switch-isp-bbb] authentication super hwtacacs-scheme hwtac

[Switch-isp-bbb] quit

# Create a device management user named test and enter local user view. Set the service type to

Telnet, and set the password to aabbcc.

[Switch] local-user test class manage

[Switch-luser-manage-test] service-type telnet

[Switch-luser-manage-test] password simple aabbcc

# Assign level-0 to the user.

[Switch-luser-manage-test] authorization-attribute user-role level-0

# Delete the default user role network-operator.

[Switch-luser-manage-test] undo authorization-attribute user-role network-operator

[Switch-luser-manage-test] quit

# Set the local authentication password to 654321 for the user role level-3.

[Switch] super password role level-3 simple 654321

# Set the local authentication password to 654321 for the user role network-admin.

[Switch] super password role network-admin simple 654321

[Switch] quit

2. Configure the HWTACACS server:

This example uses ACSv4.0.

a. Access the User Setup page.

b. Add a user account test. (Details not shown.)

c. In the Advanced TACACS+ Settings area, configure the following parameters:

− Select Level 3 for the Max Privilege for any AAA Client option.

If the target user role is only network-admin for temporary user role authorization, you can

select any level from the Max Privilege for any AAA Client option.

− Select the Use separate password option, and specify enabpass as the password.

Questions and Answers:

Need help?

Do you have a question about the HP 5130 EI series and is the answer not in the manual?

HP 5130 EI series Specifications

General

Layer	Layer 3
VLANs	4094
Multicast Protocols	IGMP, PIM
Operating Temperature	0°C to 45°C
Model	HP 5130 EI
Ports	24 or 48 10/100/1000 ports
Uplink Ports	4 x 1/10G SFP+
Stacking	Up to 9 switches
Power over Ethernet (PoE)	PoE+ (IEEE 802.3at) on PoE+ models (JG936A, JG937A)
Management	Web, CLI, SNMP
MAC Address Table Size	32, 000 entries
Routing Protocols	OSPF, RIP, BGP, static routing
Operating Humidity	10% to 90% (non-condensing)