3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
58 CHAPTER 4: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION
[secblade] firewall zone untrust
[secblade-zone-untrust] add interface GigabitEthernet 0/0.2
[secblade-zone-untrust] quit
# Configure the static route.
[secblade] ip route-static 0.0.0.0 0 50.0.0.1
[secblade] ip route-static 10.0.0.0 24 30.0.0.1
# Configure the Telnet user to use AAA authentication.
[secblade] user-interface vty 0 4
[secblade-ui-vty0-4] authentication-mode scheme
# Create the local user telnet.
[secblade] local-user telnet@system
[secblade-luser-telnet@system] service-type telnet
[secblade-luser-telnet@system] password simple 3com
[secblade-luser-telnet@system] quit
# Configure the system domain to use local authentication.
[secblade] domain system
[secblade-isp-system] scheme local
[secblade-isp-system] quit
Telnet users log in with user names in the userid@system format and are authenticated as users of the system domain. Note that password simple stores the password in clear text in the configuration; password cipher stores it in encrypted form.
# Quit IPsec module configuration view.
[secblade] quit
<secblade> quit
[SW8800]
Enabling the TACACS Server to Employ One-Time Authentication/Accounting on Telnet Users
Network requirements
In the network shown in the following figure, configure the IPsec module so that a TACACS server performs one-time password authentication and accounting for Telnet users.

A single TACACS server host, acting as both authentication server and accounting server, is connected to the IPsec module. The IP address of the server host is 10.0.0.1/24. The shared key for packet exchange with the authentication server and the shared key for packet exchange with the accounting server are both "expert". The TACACS server provides one-time password authentication. The IPsec module does not strip the domain name from the user name; it sends the user name and domain name together to the TACACS server, so the user name added on the TACACS server must be "test@tacacs".
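The following IPsec module configuration is an added example that satisfies the requirements above; it is not the manual's own configuration procedure. It uses the standard Comware HWTACACS commands. The scheme name hwtac is assumed, as is the use of the default TACACS+ port 49; the domain name tacacs follows from the user name test@tacacs. The vty commands repeat the Telnet AAA setup from the previous example so that the fragment stands on its own.

```text
# Enable AAA (scheme) authentication on the Telnet user interfaces.
[secblade] user-interface vty 0 4
[secblade-ui-vty0-4] authentication-mode scheme
[secblade-ui-vty0-4] quit
# Create the HWTACACS scheme (the name hwtac is assumed). The same host
# serves as authentication and accounting server; 49 is the TACACS+ port.
[secblade] hwtacacs scheme hwtac
[secblade-hwtacacs-hwtac] primary authentication 10.0.0.1 49
[secblade-hwtacacs-hwtac] primary accounting 10.0.0.1 49
# Shared keys from the network requirements; they must match the server side.
[secblade-hwtacacs-hwtac] key authentication expert
[secblade-hwtacacs-hwtac] key accounting expert
# Send the user name together with its domain, so the server sees test@tacacs.
[secblade-hwtacacs-hwtac] user-name-format with-domain
[secblade-hwtacacs-hwtac] quit
# Bind the scheme to the tacacs domain; users log in as test@tacacs.
[secblade] domain tacacs
[secblade-isp-tacacs] scheme hwtacacs-scheme hwtac
[secblade-isp-tacacs] quit
```

Use display hwtacacs to confirm that the scheme and server addresses are configured as intended. The key "expert" is the value from the network requirements and is only suitable for a lab; use a long random key in production. Also keep in mind that a one-time password protects the login credential against replay but not the Telnet session itself, which is carried in clear text.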