Manualsbrain.com
  1. Manuales
  2. Marcas
  3. 3com
  4. S7906E
  5. Instruccion De Instalación

3com S7906E Instruccion De Instalación

Descargar
Página de 2621
 
5-3 
Configuration procedure 
# Assign an IP address to Device to make Device be reachable from Host A and HWTACACS server 
respectively. The configuration is omitted. 
# Enable the telnet service on Device. 
<Device> system-view 
[Device] telnet server enable 
# Set to use username and password authentication when users use VTY 0 to log in to Device. The 
command that the user can execute depends on the authentication result. 
[Device] user-interface vty 0 4 
[Device-ui-vty0-4] authentication-mode scheme 
# Enable command authorization to restrict the command level for login users.  
[Device-ui-vty0-4] command authorization 
[Device-ui-vty0-4] quit 
# Create a HWTACACS scheme named tac and configure the IP address and TCP port for the primary 
authorization server for the scheme. Ensure that the port number be consistent with that on the 
HWTACACS server. Set the shared key for authentication packets to expert for the scheme and the 
HWTACACS server type of the scheme to standard. Specify Device to remove the domain name in the 
username sent to the HWTACACS server for the scheme. 
[Device] hwtacacs scheme tac 
[Device-hwtacacs-tac] primary authentication 192.168.2.20 49 
[Device-hwtacacs-tac] primary authorization 192.168.2.20 49 
[Device-hwtacacs-tac] key authentication expert 
[Device-hwtacacs-tac] key authorization expert 
[Device-hwtacacs-tac] server-type standard 
[Device-hwtacacs-tac] user-name-format without-domain 
[Device-hwtacacs-tac] quit 
# Configure the default ISP domain system to use HWTACACS scheme tac for login users and use 
local authorization as the backup. 
[Device] domain system 
[Device-isp-system] authentication login hwtacacs-scheme tac local 
[Device-isp-system] authorization command hwtacacs-scheme tac local 
[Device-isp-system] quit 
# Add a local user named monitor, set the user password to 123, and specify to display the password in 
cipher text. Authorize user monitor to use the telnet service and specify the level of the user as 1, that 
is, the monitor level. 
[Device] local-user monitor 
[Device-luser-admin] password cipher 123 
[Device-luser-admin] service-type telnet 
[Device-luser-admin] authorization-attribute level 1