| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create a NAS-ID profile and enter NAS-ID profile view. | aaa nas-id profile profile-name | N/A |
| 3. Configure a NAS-ID and VLAN binding in the profile. | nas-id nas-identifier bind vlan vlan-id | By default, no NAS-ID and VLAN binding exists. |
Displaying and maintaining AAA
Execute display commands in any view.
| Task | Command |
|---|---|
| Display the configuration of ISP domains. | display domain [ isp-name ] |
AAA configuration examples
AAA for SSH users by an HWTACACS server
Network requirements
As shown in Figure 11, configure the switch to meet the following requirements:
• Use the HWTACACS server for SSH user authentication, authorization, and accounting.
• Assign the default user role network-operator to SSH users after they pass authentication.
• Exclude domain names from the usernames sent to the HWTACACS server.
• Use expert as the shared keys for secure HWTACACS communication.
Figure 11 Network diagram
Configuration procedure
1. Configure the HWTACACS server:
# Set the shared keys for secure communication with the switch to expert. (Details not shown.)
# Add user account hello for the SSH user and specify the password. (Details not shown.)
2. Configure the switch:
# Configure IP addresses for interfaces. (Details not shown.)
(Figure 11 labels: Internet, Switch, SSH user, HWTACACS server, 10.1.1.1/24)