Creating a domain, Configuration example, Configuring the pc of the device user – H3C Technologies H3C Intelligent Management Center User Manual
Page 28: Comparing the authentication-authorization methods
19
Creating a domain
The scheme used in a domain for login, raising the right, and command-line authorization must be the
TACACS+ scheme that you have just created.
Configuring scheme authentication and enabling command-line authorization and accounting
Configure the scheme authentication on different interfaces for different login methods.
Enable command-line authorization and accounting on different interfaces according to different login
methods.
Configuration example
This example can be used for HP A-Series or H3C devices. Use the following commands for TACACS+
authentication and authorization:
[Device]hwtacacs scheme test
[Device-hwtacacs-test]primary authentication 192.168.0.96 49
[Device-hwtacacs-test]primary authorization 192.168.0.96 49
[Device-hwtacacs-test]primary accounting 192.168.0.96 49
[Device-hwtacacs-test]key authentication hello
[Device-hwtacacs-test]key authorization hello
[Device-hwtacacs-test]key accounting hello
[Device-hwtacacs-test]nas-ip 190.12.0.2
[Device-hwtacacs-test]user-name-format without-domain
[Device-hwtacacs-test]quit
[Device]domain tel
[Device-isp-tel]authentication login hwtacacs-scheme test
[Device-isp-tel]authentication super hwtacacs-scheme test
[Device-isp-tel]authorization login hwtacacs-scheme test
[Device-isp-tel]authorization command hwtacacs-scheme test
[Device-isp-tel]accounting login hwtacacs-scheme test
[Device-isp-tel]accounting command hwtacacs-scheme test
[Device-isp-tel]quit
[Device]domain default enable tel
[Device]user-interface vty 0 4
[Device-ui-vty0-4]authentication-mode scheme
[Device-ui-vty0-4]command authorization
[Device-ui-vty0-4]command accounting
Configuring the PC of the device user
A user can log in to the device by using the related client software.
Comparing the authentication-authorization
methods
The configurations for TAM local authentication and authorization and for LDAP authorization and TAM
local authorization have the following similarities and differences: