Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

Page 269

Figure 3 Network diagram for configuring command accounting

Configuration procedure

# Enable the telnet service on Device.

system-view

[Device] telnet server enable

# Enable command accounting for users logging in through the console port.

[Device] user-interface console 0

[Device-ui-console0] command accounting

[Device-ui-console0] quit

# Enable command accounting for users logging in through telnet or SSH.

[Device] user-interface vty 0 4

[Device-ui-vty0-4] command accounting

[Device-ui-vty0-4] quit

# Create a HWTACACS scheme named tac and configure the IP address and TCP port for the primary
authorization server for the scheme. Ensure that the port number is consistent with that on the
HWTACACS server. Set the shared key for authentication packets to expert for the scheme. Specify
Device to remove the domain name in the username that is sent to the HWTACACS server.

[Device] hwtacacs scheme tac

[Device-hwtacacs-tac] primary accounting 192.168.2.20 49

[Device-hwtacacs-tac] key accounting expert

[Device-hwtacacs-tac] user-name-format without-domain

[Device-hwtacacs-tac] quit

# Create ISP domain system, and configure the ISP domain to use HWTACACS scheme tac for
accounting of command line users

[Device] domain system

[Device-isp-system] accounting command hwtacacs-scheme tac

[Device-isp-system] quit

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecBlade FW Cards H3C SecPath U200-A U200-M U200-S