
Network requirements, Configuration considerations, Configuration procedure – H3C Technologies H3C S7500E Series Switches User Manual


Start=2009-04-26 19:41:12 ,Current=2009-04-26 19:41:25 ,Online=00h00m14s

Total 1 connection matched.

As shown above, the Authorized VLAN field indicates that VLAN 4 has been assigned to the user.

Level Switching Authentication for Telnet Users by an HWTACACS Server

Network requirements

As shown in Figure 3-21,

- Connect the Telnet user to the switch and the switch to the HWTACACS server.

- Configure the switch to use local authentication for the Telnet user and assign the user privilege level 0 after login.

- Configure the switch to use the HWTACACS server for level switching authentication of the Telnet user and, if HWTACACS authentication is not available, to use local authentication instead.

Figure 3-21 Configure level switching authentication for Telnet users by an HWTACACS server

Configuration considerations

1) Configure the switch to use AAA, in particular local authentication, for Telnet users.

   - Create ISP domain bbb and configure it to use local authentication for Telnet users.

   - Create a local user account, configure the password, and assign the privilege level that the user has after login.

2) On the switch, configure the authentication method for user privilege level switching.

   - Specify HWTACACS authentication and, if HWTACACS authentication is not available, local authentication for user level switching authentication.

   - Configure HWTACACS scheme hwtac and assign an IP address to the HWTACACS server. Set the shared keys for message exchange and specify that usernames sent to the HWTACACS server carry no domain name. Configure the domain to use the HWTACACS scheme hwtac for user privilege level switching authentication.

   - Configure the password for local privilege level switching authentication.

3) On the HWTACACS server, add the username and password for user privilege level switching authentication.
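The following audit is an added example, not part of the H3C manual: it checks a saved configuration against the considerations above and flags the case where local fallback is requested but no local level switching password exists. The sample configuration is constructed, its command syntax and the "local only" default are assumptions based on Comware V5, and the server address and secrets are placeholders.

```python
import re

# Constructed sample config; the server address and secrets are placeholders.
SAMPLE = """\
super authentication-mode scheme local
hwtacacs scheme hwtac
 primary authentication 192.0.2.10 49
 key authentication SHARED-KEY-PLACEHOLDER
 user-name-format without-domain
domain bbb
 authentication login local
 authentication super hwtacacs-scheme hwtac
super password level 3 cipher SUPER-PASSWORD-PLACEHOLDER
"""

def parse_sections(text):
    """Group indented lines under the unindented command that precedes them."""
    sections, current = {}, None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def audit_level_switching(text, domain="bbb"):
    """Return a list of findings; an empty list means the design is complete."""
    sec, findings = parse_sections(text), []
    mode = next((k.split()[2:] for k in sec
                 if k.startswith("super authentication-mode ")), ["local"])  # assumed default
    if mode[:1] != ["scheme"]:
        findings.append("HWTACACS is not tried first for level switching")
    if "local" not in mode:
        findings.append("no local fallback when HWTACACS is unavailable")
    elif not any(k.startswith("super password ") for k in sec):
        findings.append("local level switching has no super password configured")
    match = None
    for line in sec.get(f"domain {domain}", []):
        match = match or re.fullmatch(r"authentication super hwtacacs-scheme (\S+)", line)
    body = sec.get(f"hwtacacs scheme {match.group(1)}") if match else None
    if body is None:
        findings.append(f"domain {domain} has no usable HWTACACS scheme for level switching")
    else:
        for needed in ("primary authentication ", "key authentication ",
                       "user-name-format without-domain"):
            if not any(line.startswith(needed) for line in body):
                findings.append(f"scheme is missing '{needed.strip()}'")
    return findings
```
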

Configuration procedure

1) Configure the switch

# Configure the IP address of VLAN-interface 2, through which the Telnet user accesses the switch.

system-view