4000 Router Series Fundamentals Configuration Guide

Figure 35 Network diagram

Configuration procedure

# Enable the Telnet server.

<Device> system-view

[Device] telnet server enable

# Enable command accounting for user line Console 0.

[Device] line console 0

[Device-line-console0] command accounting

[Device-line-console0] quit

# Enable command accounting for user lines VTY 0 through VTY 4.

[Device] line vty 0 63

[Device-line-vty0-63] command accounting

[Device-line-vty0-63] quit

# Configure an HWTACACS scheme that uses the HWTACACS server at 192.168.2.20:49 for

accounting, uses the shared key expert, and removes domain names from usernames sent to the

HWTACACS server. (In this example, the HWTACACS server provides accounting services at port 49.)

[Device] hwtacacs scheme tac

[Device-hwtacacs-tac] primary accounting 192.168.2.20 49

[Device-hwtacacs-tac] primary authentication 192.168.2.20 49

[Device-hwtacacs-tac] key authentication simple expert

[Device-hwtacacs-tac] key accounting simple expert

[Device-hwtacacs-tac] user-name-format without-domain

[Device-hwtacacs-tac] quit

# Configure the command accounting method for the system-predefined domain system to use the

HWTACACS scheme.

[Device] domain system

[Device-isp-system] accounting command hwtacacs-scheme tac

[Device-isp-system] authentication login hwtacacs-scheme tac