Command accounting configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual
# Set to use username and password authentication when users use VTY 0 to log in to Device. The command that the user can execute depends on the authentication result.
[Device] user-interface vty 0 4
[Device-ui-vty0-4] authentication-mode scheme
# Enable command authorization to restrict the command level for login users.
[Device-ui-vty0-4] command authorization
[Device-ui-vty0-4] quit
# Create a HWTACACS scheme named tac and configure the IP address and TCP port for the primary authorization server for the scheme. Ensure that the port number is consistent with that on the HWTACACS server. Set the shared key for authentication packets to expert for the scheme and the HWTACACS server type of the scheme to standard. Specify Device to remove the domain name in the username that is sent to the HWTACACS server.
[Device] hwtacacs scheme tac
[Device-hwtacacs-tac] primary authentication 192.168.2.20 49
[Device-hwtacacs-tac] primary authorization 192.168.2.20 49
[Device-hwtacacs-tac] key authentication expert
[Device-hwtacacs-tac] key authorization expert
[Device-hwtacacs-tac] server-type standard
[Device-hwtacacs-tac] user-name-format without-domain
[Device-hwtacacs-tac] quit
# Configure the default ISP domain system to use HWTACACS scheme tac for login users and use local authorization as the backup.
[Device] domain system
[Device-isp-system] authentication login hwtacacs-scheme tac local
[Device-isp-system] authorization command hwtacacs-scheme tac local
[Device-isp-system] quit
# Add a local user named monitor, set the user password to 123, and specify to display the password in cipher text. Authorize user monitor to use the telnet service and specify the level of the user as 1, that is, the monitor level.
[Device] local-user monitor
[Device-luser-monitor] password cipher 123
[Device-luser-monitor] service-type telnet
[Device-luser-monitor] authorization-attribute level 1
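The following audit script is an added example, not H3C code and not part of this manual. It parses a Comware-style CLI transcript (a constructed copy of the commands above, with the local-user prompt written as [Device-luser-monitor] to match the user name), rebuilds the view structure from the prompts and quit transitions, and then checks the conditions this example depends on: the VTY lines use scheme authentication and have command authorization enabled, every HWTACACS scheme a domain references exists and carries a primary server and a key for that traffic type, and any local user offered as the backup has an explicit level. The rule set and severities are this script's own assumptions.

```python
"""Audit a Comware-style CLI transcript for the AAA settings the example above
relies on. Added example, not H3C code: the transcript is a constructed copy of
the page's commands, and the check rules are this script's own assumptions."""
import re
from dataclasses import dataclass, field

# Constructed copy of the configuration transcript from the page.
SAMPLE = """\
[Device] user-interface vty 0 4
[Device-ui-vty0-4] authentication-mode scheme
[Device-ui-vty0-4] command authorization
[Device-ui-vty0-4] quit
[Device] hwtacacs scheme tac
[Device-hwtacacs-tac] primary authentication 192.168.2.20 49
[Device-hwtacacs-tac] primary authorization 192.168.2.20 49
[Device-hwtacacs-tac] key authentication expert
[Device-hwtacacs-tac] key authorization expert
[Device-hwtacacs-tac] server-type standard
[Device-hwtacacs-tac] user-name-format without-domain
[Device-hwtacacs-tac] quit
[Device] domain system
[Device-isp-system] authentication login hwtacacs-scheme tac local
[Device-isp-system] authorization command hwtacacs-scheme tac local
[Device-isp-system] quit
[Device] local-user monitor
[Device-luser-monitor] password cipher 123
[Device-luser-monitor] service-type telnet
[Device-luser-monitor] authorization-attribute level 1
"""

PROMPT = re.compile(r"^\[[^\]]+\]\s*(.*)$")  # "[Device-xyz] cmd" -> "cmd"
METHOD = re.compile(
    r"^(authentication login|authorization command) hwtacacs-scheme (\S+)( local)?$")
# System-view commands that enter a sub-view; the captured group names the object.
OPENERS = [
    (re.compile(r"^user-interface vty (\S+ \S+)$"), "vty"),
    (re.compile(r"^hwtacacs scheme (\S+)$"), "scheme"),
    (re.compile(r"^domain (\S+)$"), "domain"),
    (re.compile(r"^local-user (\S+)$"), "user"),
]


@dataclass
class Config:
    # (kind, name) -> commands entered inside that view, in order
    sections: dict = field(default_factory=dict)


def parse(transcript: str) -> Config:
    """Rebuild the view structure from the prompts plus 'quit' transitions."""
    cfg = Config()
    current = None  # None means system view
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue  # comment or blank line
        cmd = m.group(1).strip()
        if cmd == "quit":
            current = None
        elif current is None:
            for rx, kind in OPENERS:
                om = rx.match(cmd)
                if om:
                    current = (kind, om.group(1))
                    cfg.sections.setdefault(current, [])
                    break
        else:
            cfg.sections[current].append(cmd)
    return cfg


def audit(cfg: Config) -> list:
    """Return (severity, message) tuples; WARN means the protection is not in place."""
    findings = []
    schemes = {n: c for (k, n), c in cfg.sections.items() if k == "scheme"}
    for (kind, name), cmds in cfg.sections.items():
        if kind == "vty":
            if "authentication-mode scheme" not in cmds:
                findings.append(("WARN", f"vty {name}: authentication-mode is not 'scheme', so no AAA applies"))
            if "command authorization" not in cmds:
                findings.append(("WARN", f"vty {name}: 'command authorization' missing; commands run without server approval"))
        elif kind == "domain":
            if not any(c.startswith("authorization command ") for c in cmds):
                findings.append(("WARN", f"domain {name}: no command authorization method"))
            for cmd in cmds:
                m = METHOD.match(cmd)
                if not m:
                    continue
                traffic = m.group(1).split()[0]  # authentication / authorization
                scheme = schemes.get(m.group(2))
                if scheme is None:
                    findings.append(("WARN", f"domain {name}: undefined HWTACACS scheme '{m.group(2)}'"))
                    continue
                if not any(c.startswith(f"primary {traffic} ") for c in scheme):
                    findings.append(("WARN", f"scheme {m.group(2)}: no primary {traffic} server"))
                if not any(c.startswith(f"key {traffic} ") for c in scheme):
                    findings.append(("WARN", f"scheme {m.group(2)}: no {traffic} key; server packets cannot be validated"))
                if m.group(3):
                    findings.append(("INFO", f"domain {name}: {m.group(1)} falls back to local when the server is unreachable"))
        elif kind == "user":
            if "service-type telnet" in cmds and not any(
                    c.startswith("authorization-attribute level ") for c in cmds):
                findings.append(("WARN", f"local-user {name}: telnet user without an explicit level"))
    return findings


if __name__ == "__main__":
    for sev, msg in audit(parse(SAMPLE)):
        print(sev, msg)
```

Run against the page's transcript the script reports only the two INFO entries for the local fallback, which is the intended design here: when the HWTACACS server is unreachable, the level-1 local account bounds what the backup path can execute. Removing the command authorization line from the VTY view, or pointing the domain at a scheme name that was never created, turns those into WARN findings.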
Command Accounting Configuration Example
Network requirements
As shown in
, configure the commands that the login users execute to be recorded on the
HWTACACS server to control and monitor user operations.