
AAA for Telnet Users by Separate Servers, Network Requirements – H3C Technologies H3C S7500E Series Switches User Manual


# Set the shared key for authentication, authorization, and accounting packets to expert.

[Switch-hwtacacs-hwtac] key authentication expert

[Switch-hwtacacs-hwtac] key authorization expert

[Switch-hwtacacs-hwtac] key accounting expert

# Specify the scheme to exclude the domain names from usernames to be sent to the HWTACACS server.

[Switch-hwtacacs-hwtac] user-name-format without-domain

[Switch-hwtacacs-hwtac] quit

# Configure the AAA methods for the domain.

[Switch] domain bbb

[Switch-isp-bbb] authentication login hwtacacs-scheme hwtac

[Switch-isp-bbb] authorization login hwtacacs-scheme hwtac

[Switch-isp-bbb] accounting login hwtacacs-scheme hwtac

[Switch-isp-bbb] quit

You can achieve the same result by setting default AAA methods for all types of users in domain bbb.

[Switch] domain bbb

[Switch-isp-bbb] authentication default hwtacacs-scheme hwtac

[Switch-isp-bbb] authorization default hwtacacs-scheme hwtac

[Switch-isp-bbb] accounting default hwtacacs-scheme hwtac

When telnetting in to the switch, a user enters the username userid@bbb to be authenticated through domain bbb.

AAA for Telnet Users by Separate Servers

Network requirements

As shown in Figure 3-2, configure the switch to provide local authentication, HWTACACS authorization, and RADIUS accounting services to Telnet users. The username and the password for Telnet users are both hello.

• The HWTACACS server is used for authorization. Its IP address is 10.1.1.2. On the switch, set the shared keys for packets exchanged with the HWTACACS server to expert. Configure the switch to remove the domain name from a user name before sending the user name to the HWTACACS server.

• The RADIUS server is used for accounting. Its IP address is 10.1.1.1. On the switch, set the shared keys for packets exchanged with the RADIUS server to expert.

Configuration of separate AAA for other types of users is similar to that given in this example. The only difference lies in the access type.
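The following Python script is an added example and is not code from the H3C manual. It serves both the single-server configuration quoted at the top of this page and the separate-servers requirements just listed: it parses Comware-style AAA commands and, for a Telnet login such as userid@bbb, reports which domain applies, whether authentication, authorization and accounting go to a scheme or to local, which server each scheme points at, and whether the domain is stripped from the username before it leaves the switch (user-name-format without-domain). It also flags a scheme that has a server configured but no shared key for that packet type. Assumptions: only the command forms shown on this page (plus radius scheme, primary ... and authentication login local in the same shape) are understood; an access-type method such as login takes precedence over default for that access type; the second sample configuration, including its port numbers, is constructed for the requirements above rather than taken from the manual, and deliberately omits the RADIUS accounting key so the check has something to report.

```python
"""Trace how a Telnet login is handled under a Comware-style AAA configuration.

Added example (not from the H3C manual). Assumes: only the command forms
below are parsed; a "login" method overrides "default" for login users.
"""
from dataclasses import dataclass, field

AAA_TYPES = ("authentication", "authorization", "accounting")


@dataclass
class Scheme:
    kind: str                                    # "hwtacacs" or "radius"
    name: str
    keys: dict = field(default_factory=dict)     # packet type -> shared key
    servers: dict = field(default_factory=dict)  # role -> primary server IP
    strip_domain: bool = False                   # user-name-format without-domain


@dataclass
class Domain:
    name: str
    # (aaa type, access type) -> ("local", None) or (scheme kind, scheme name)
    methods: dict = field(default_factory=dict)


def parse_config(text):
    """Build scheme and domain tables from CLI lines (comments start with '#')."""
    schemes, domains, ctx = {}, {}, None
    for raw in text.splitlines():
        words = raw.strip().split()
        if not words or words[0] == "#":
            continue
        cmd = words[0]
        if cmd in ("hwtacacs", "radius") and words[1:2] == ["scheme"]:
            ctx = schemes[(cmd, words[2])] = Scheme(kind=cmd, name=words[2])
        elif cmd == "domain":
            ctx = domains[words[1]] = Domain(name=words[1])
        elif cmd == "quit":
            ctx = None
        elif isinstance(ctx, Scheme):
            if cmd == "key" and len(words) == 3:
                ctx.keys[words[1]] = words[2]          # key <type> <shared-key>
            elif cmd == "primary" and len(words) >= 3:
                ctx.servers[words[1]] = words[2]       # primary <role> <ip> [port]
            elif cmd == "user-name-format":
                ctx.strip_domain = words[1] == "without-domain"
        elif isinstance(ctx, Domain) and cmd in AAA_TYPES:
            access = words[1]                           # e.g. "login" or "default"
            if words[2] == "local":
                ctx.methods[(cmd, access)] = ("local", None)
            else:                                       # "<kind>-scheme <name>"
                ctx.methods[(cmd, access)] = (words[2].split("-")[0], words[3])
    return schemes, domains


def resolve_login(config, username, access_type="login"):
    """Per AAA type: scheme used, server, key, and the username the server sees."""
    schemes, domains = config
    user, _, domain_name = username.partition("@")   # "userid@bbb" -> domain bbb
    domain = domains[domain_name]
    result = {}
    for aaa in AAA_TYPES:
        method = (domain.methods.get((aaa, access_type))
                  or domain.methods.get((aaa, "default")))
        if method is None:
            raise ValueError(f"domain {domain_name}: no {aaa} method for {access_type}")
        kind, name = method
        if kind == "local":
            result[aaa] = {"scheme": "local", "server": None, "key": None,
                           "sent_username": None}
            continue
        scheme = schemes[(kind, name)]
        result[aaa] = {"scheme": f"{kind}:{name}",
                       "server": scheme.servers.get(aaa),
                       "key": scheme.keys.get(aaa),
                       "sent_username": user if scheme.strip_domain else username}
    return result


def missing_keys(scheme):
    """Packet types with a server configured but no shared key set."""
    return [role for role in scheme.servers if role not in scheme.keys]


# Constructed sample 1: the commands quoted on this page (one HWTACACS server).
SAME_SERVER = """
hwtacacs scheme hwtac
 key authentication expert
 key authorization expert
 key accounting expert
 user-name-format without-domain
 quit
domain bbb
 authentication login hwtacacs-scheme hwtac
 authorization login hwtacacs-scheme hwtac
 accounting default hwtacacs-scheme hwtac
 quit
"""

# Constructed sample 2 (assumed commands): local authentication, HWTACACS
# authorization at 10.1.1.2, RADIUS accounting at 10.1.1.1, RADIUS key omitted.
SEPARATE_SERVERS = """
hwtacacs scheme hwtac
 primary authorization 10.1.1.2 49
 key authorization expert
 user-name-format without-domain
 quit
radius scheme rd
 primary accounting 10.1.1.1 1813
 quit
domain bbb
 authentication login local
 authorization login hwtacacs-scheme hwtac
 accounting login radius-scheme rd
 quit
"""

if __name__ == "__main__":
    cfg = parse_config(SEPARATE_SERVERS)
    for aaa, how in resolve_login(cfg, "hello@bbb").items():
        print(aaa, how)
    print("schemes missing keys:", {n: missing_keys(s) for n, s in cfg[0].items()})
```

Running the script against the second sample shows authentication resolved to local, authorization to hwtacacs:hwtac at 10.1.1.2 with the username sent as hello, accounting to radius:rd at 10.1.1.1 with the username sent unchanged as hello@bbb, and the accounting key reported as missing for scheme rd; against the first sample, accounting falls through to the default method, which is the point made above about setting default methods for all user types.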