3 aaa configuration examples, Aaa configuration examples, Aaa for telnet users by an hwtacacs server – H3C Technologies H3C S7500E Series Switches User Manual

3-1

3

AAA Configuration Examples

AAA Configuration Examples

AAA for Telnet Users by an HWTACACS Server

Network requirements

As shown in

Figure 3-1

,

z

Configure the switch to use the HWTACACS server to provide authentication, authorization, and

accounting services for Telnet users. The IP address of the server is 10.1.1.1/24.

z

Set the shared keys for authentication, authorization, and accounting packets exchanged with the

HWTACACS server to expert. Configure the switch to remove the domain name from a user

name before sending the user name to the HWTACACS server.

Figure 3-1 Configure AAA for Telnet users by an HWTACACS server

Configuration procedure

# Configure the IP addresses of the interfaces (omitted).

# Enable the Telnet server on the switch.

system-view

[Switch] telnet server enable

# Configure the switch to use AAA for Telnet users.

[Switch] user-interface vty 0 4

[Switch-ui-vty0-4] authentication-mode scheme

[Switch-ui-vty0-4] quit

# Create HWTACACS scheme hwtac.

[Switch] hwtacacs scheme hwtac

# Specify the primary authentication server.

[Switch-hwtacacs-hwtac] primary authentication 10.1.1.1 49

# Specify the primary authorization server.

[Switch-hwtacacs-hwtac] primary authorization 10.1.1.1 49

# Specify the primary accounting server.

[Switch-hwtacacs-hwtac] primary accounting 10.1.1.1 49