H3C S7500E Series Ethernet Switches Operation Manual

Operation Manual – AAA RADIUS HWTACACS
Chapter 1 AAA/RADIUS/HWTACACS Configuration
1.7 AAA/RADIUS/HWTACACS Configuration Examples
1.7.1 AAA for Telnet Users by a HWTACACS Server
I. Network requirements
As shown in Figure 1-7, configure the switch to use the HWTACACS server to provide authentication, authorization, and accounting services to login users.
The HWTACACS server is used for authentication, authorization, and accounting. Its IP address is 10.1.1.1.
On the switch, set the shared keys for authentication, authorization, and accounting packets to expert. Configure the switch to remove the domain name from a user name before sending the user name to the HWTACACS server.
On the HWTACACS server, set the shared keys for packets exchanged with the switch to expert.
II. Network diagram
[Network diagram: Telnet user, Internet, Switch, Authentication/Accounting server (10.1.1.1/24)]
Figure 1-7 Configure AAA for Telnet users by a HWTACACS server
III. Configuration procedure
# Configure the IP addresses of various interfaces (omitted).
# Enable the Telnet server on the switch.
<Switch> system-view
[Switch] telnet server enable
# Configure the switch to use AAA for Telnet users.
[Switch] user-interface vty 0 4
[Switch-ui-vty0-4] authentication-mode scheme
[Switch-ui-vty0-4] quit
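The following check is an added example, not part of the H3C manual: it parses a prompt-style session transcript like the one above, confirms that every VTY range is set to authentication-mode scheme so that logins actually go through AAA, and flags that Telnet carries login credentials in cleartext. The transcript is constructed from the commands on this page plus one hypothetical VTY range (5 to 15) left on password mode; the function names are assumptions.

```python
import re

# Constructed sample: the session lines shown on this page, plus one
# hypothetical VTY range (5 15) left on password mode to produce a finding.
TRANSCRIPT = """\
<Switch> system-view
[Switch] telnet server enable
[Switch] user-interface vty 0 4
[Switch-ui-vty0-4] authentication-mode scheme
[Switch-ui-vty0-4] quit
[Switch] user-interface vty 5 15
[Switch-ui-vty5-15] authentication-mode password
[Switch-ui-vty5-15] quit
"""

PROMPT = re.compile(r"^(?:<(?P<user>[^>]+)>|\[(?P<sys>[^\]]+)\])\s*(?P<cmd>.*)$")

def parse_session(text):
    """Return (view, command) pairs; view is the prompt text, e.g. 'Switch-ui-vty0-4'."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # skip manual-style comment lines
            continue
        m = PROMPT.match(line)
        if m and m.group("cmd"):
            pairs.append((m.group("user") or m.group("sys"), m.group("cmd")))
    return pairs

def audit(text):
    """Return a sorted list of findings about remote-login authentication."""
    pairs = parse_session(text)
    findings = []
    if any(cmd == "telnet server enable" for _, cmd in pairs):
        findings.append("telnet enabled: login credentials cross the network in cleartext")
    vty_mode = {}                      # VTY view name -> authentication mode seen
    for view, cmd in pairs:
        if "-ui-vty" in view:
            vty_mode.setdefault(view, None)
            if cmd.startswith("authentication-mode "):
                vty_mode[view] = cmd.split(None, 1)[1]
    for view, mode in vty_mode.items():
        if mode != "scheme":
            findings.append(f"{view}: authentication-mode is {mode or 'not set'}, not scheme (AAA bypassed)")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(TRANSCRIPT)))
```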
# Configure the HWTACACS scheme.
[Switch] hwtacacs scheme hwtac
[Switch-hwtacacs-hwtac] primary authentication 10.1.1.1 49