I. network requirements – H3C Technologies H3C S3100 Series Switches User Manual
Page 343

Operation Manual – AAA – RADIUS – HWTACACS
H3C S3100-52P Ethernet Switch
Chapter 1 AAA & RADIUS & HWTACACS Configuration
1-44
[H3C-luser-telnet] service-type telnet
[H3C-luser-telnet] password simple h3c
[H3C-luser-telnet] attribute idle-cut 300 access-limit 5
[H3C-luser-telnet] quit
[H3C] domain system
[H3C-isp-system] scheme local
A Telnet user logging into the switch with the name telnet@system belongs to the
"system" domain and will be authenticated according to the configuration of the
"system" domain.
Method 2: using local RADIUS server
This method is similar to the remote authentication method described in section 1.7.1.
In the configuration step "Configure a RADIUS scheme" in section 1.7.1, you only need to
change the server IP address, the authentication password, and the UDP port number of
the authentication server to 127.0.0.1, h3c, and 1645 respectively, and configure
local users (whether the names of local users carry domain names should be
consistent with the configuration in the RADIUS scheme).
1.7.3 HWTACACS Authentication and Authorization of Telnet Users
I. Network requirements
You are required to configure the switch so that the Telnet users logging into the switch
are authenticated and authorized by the TACACS server.
A TACACS server with IP address 10.110.91.164 is connected to the switch. This
server will be used as the authentication and authorization server. On the switch, set
both authentication and authorization shared keys that are used to exchange
messages with the TACACS server to "expert". Configure the switch to strip domain
names off user names before sending user names to the TACACS server.
Configure the shared key to "expert" on the TACACS server for exchanging messages
with the switch.
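One way to meet these requirements on the switch, given as an added example and not as the manual's own configuration procedure. The scheme name hwtac and the domain name hwtacacs are assumed placeholders; the server address and the keys are taken from the requirements above, and the server port is left at its default.

```text
# Added example: constructed from the requirements above, not taken from the manual.
# "hwtac" (scheme name) and "hwtacacs" (ISP domain name) are assumed placeholders.
<H3C> system-view
# Create the HWTACACS scheme and point authentication and authorization at the server.
[H3C] hwtacacs scheme hwtac
[H3C-hwtacacs-hwtac] primary authentication 10.110.91.164
[H3C-hwtacacs-hwtac] primary authorization 10.110.91.164
# Both shared keys must match the key configured on the TACACS server.
[H3C-hwtacacs-hwtac] key authentication expert
[H3C-hwtacacs-hwtac] key authorization expert
# Strip the domain name before the user name is sent to the server.
[H3C-hwtacacs-hwtac] user-name-format without-domain
[H3C-hwtacacs-hwtac] quit
# Bind the scheme to the domain that Telnet users log in with.
[H3C] domain hwtacacs
[H3C-isp-hwtacacs] scheme hwtacacs-scheme hwtac
[H3C-isp-hwtacacs] quit
```

With user-name-format without-domain set, a user who logs in as name@hwtacacs is presented to the TACACS server as name, so the account on the server must be created without the domain suffix.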