3com S7906E 설치 설명서

 

1-41 

 

As shown in 

z 

Configure the switch to use the HWTACACS server to provide authentication, authorization, and 

accounting services for Telnet users. The IP address of the server is 10.1.1.1/24. 

z 

Set the shared keys for authentication, authorization, and accounting packets exchanged with the 

HWTACACS server to expert. Configure the switch to remove the domain name from a user name 

before sending the user name to the HWTACACS server. 

Figure 1-9 Configure AAA for Telnet users by an HWTACACS server 

Internet

Switch

Telnet user

Authentication/Accounting server

10.1.1.1/24

 

# Configure the IP addresses of the interfaces (omitted). 

# Enable the Telnet server on the switch. 

<Switch> system-view 

[Switch] telnet server enable 

# Configure the switch to use AAA for Telnet users. 

[Switch] user-interface vty 0 4 

[Switch-ui-vty0-4] authentication-mode scheme 

[Switch-ui-vty0-4] quit 

# Create HWTACACS scheme hwtac. 

[Switch] hwtacacs scheme hwtac 

# Specify the primary authentication server. 

[Switch-hwtacacs-hwtac] primary authentication 10.1.1.1 49 

# Specify the primary authorization server. 

[Switch-hwtacacs-hwtac] primary authorization 10.1.1.1 49 

# Specify the primary accounting server. 

[Switch-hwtacacs-hwtac] primary accounting 10.1.1.1 49 

# Set the shared key for authentication, authorization, and accounting packets to expert.