HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide

Enable command line authorization and accounting on different interfaces according to different login methods.
Configuration example
Take an HP A series or H3C device as an example. The command lines needed for TACACS+
authentication and authorization are as follows:
<Device>system-view
[Device]hwtacacs scheme test
[Device-hwtacacs-test]primary authentication 192.168.0.96 49
[Device-hwtacacs-test]primary authorization 192.168.0.96 49
[Device-hwtacacs-test]primary accounting 192.168.0.96 49
[Device-hwtacacs-test]key authentication hello
[Device-hwtacacs-test]key authorization hello
[Device-hwtacacs-test]key accounting hello
[Device-hwtacacs-test]nas-ip 190.12.0.2
[Device-hwtacacs-test]user-name-format without-domain
[Device-hwtacacs-test]quit
[Device]domain tel
[Device-isp-tel]authentication login hwtacacs-scheme test
[Device-isp-tel]authentication super hwtacacs-scheme test
[Device-isp-tel]authorization login hwtacacs-scheme test
[Device-isp-tel]authorization command hwtacacs-scheme test
[Device-isp-tel]accounting login hwtacacs-scheme test
[Device-isp-tel]accounting command hwtacacs-scheme test
[Device-isp-tel]quit
[Device]user-interface vty 0 4
[Device-ui-vty0-4]authentication-mode scheme
[Device-ui-vty0-4]command authorization
[Device-ui-vty0-4]command accounting
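An added example, not part of the HP guide: a Python check that reads a pasted session like the one above and reports which scheme, domain, and user-interface settings are missing, and whether a plain-text shared key is short. The 16-character minimum key length is an assumed local policy, and the check treats the commands as a flat list without tracking which view each was entered in.

```python
import re
SERVICES = ("authentication", "authorization", "accounting")
MIN_KEY_LEN = 16  # assumed local policy, not a value from the guide
DOMAIN_NEEDS = ("authentication login", "authorization login", "authorization command",
                "accounting login", "accounting command")
VTY_NEEDS = ("authentication-mode scheme", "command authorization", "command accounting")

def audit(session):
    """Return findings for a pasted session; commands are treated as a flat list."""
    # Drop the <Device> / [Device-...] prompt in front of each command.
    cmds = [re.sub(r"^[<\[][^>\]]*[>\]]\s*", "", l.strip()) for l in session.splitlines()]
    scheme = next((c.split()[2] for c in cmds if c.startswith("hwtacacs scheme ")), None)
    if scheme is None:
        return ["no hwtacacs scheme defined"]
    findings = []
    for svc in SERVICES:
        if not any(c.startswith(f"primary {svc} ") for c in cmds):
            findings.append(f"no primary {svc} server")
        # Last token is the key when it is entered in plain text, as in the guide.
        key = next((c.split()[-1] for c in cmds if c.startswith(f"key {svc} ")), None)
        if key is None:
            findings.append(f"no {svc} key")
        elif len(key) < MIN_KEY_LEN:
            findings.append(f"{svc} key shorter than {MIN_KEY_LEN} characters")
    findings += [f"domain: '{n}' not bound to scheme {scheme}" for n in DOMAIN_NEEDS
                 if f"{n} hwtacacs-scheme {scheme}" not in cmds]
    findings += [f"line: '{n}' missing" for n in VTY_NEEDS if n not in cmds]
    return findings

# Constructed sample: the session from the configuration example, trimmed.
SAMPLE = """\
[Device]hwtacacs scheme test
[Device-hwtacacs-test]primary authentication 192.168.0.96 49
[Device-hwtacacs-test]primary authorization 192.168.0.96 49
[Device-hwtacacs-test]primary accounting 192.168.0.96 49
[Device-hwtacacs-test]key authentication hello
[Device-hwtacacs-test]key authorization hello
[Device-hwtacacs-test]key accounting hello
[Device-isp-tel]authentication login hwtacacs-scheme test
[Device-isp-tel]authorization login hwtacacs-scheme test
[Device-isp-tel]authorization command hwtacacs-scheme test
[Device-isp-tel]accounting login hwtacacs-scheme test
[Device-isp-tel]accounting command hwtacacs-scheme test
[Device-ui-vty0-4]authentication-mode scheme
[Device-ui-vty0-4]command authorization
[Device-ui-vty0-4]command accounting
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```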
Configuring the PC of the device user
A user only needs to log in to the device by using the related client software.
Comparing the authentication-authorization methods
The configuration for "TAM local authentication and authorization" and that for "LDAP authorization and
TAM local authorization" have the following similarities and differences:
• Device and PC configurations are the same because devices and PCs do not need to be aware of the authentication and authorization processes.
• The device, authorization scenario, authorization command, and authorization policy configurations on TAM are the same.
• For TAM local authentication, you need to create device users on TAM. For LDAP authentication, you need to perform LDAP configuration such as configuring the LDAP server and synchronization policies on TAM, which can synchronize device user information from the LDAP server.