3com S7906E 설치 설명서
1-41
AAA Configuration Examples
AAA for Telnet Users by an HWTACACS Server
Network requirements
As shown in
z
Configure the switch to use the HWTACACS server to provide authentication, authorization, and
accounting services for Telnet users. The IP address of the server is 10.1.1.1/24.
z
Set the shared keys for authentication, authorization, and accounting packets exchanged with the
HWTACACS server to expert. Configure the switch to remove the domain name from a user name
before sending the user name to the HWTACACS server.
Figure 1-9 Configure AAA for Telnet users by an HWTACACS server
Internet
Switch
Telnet user
Authentication/Accounting server
10.1.1.1/24
Configuration procedure
# Configure the IP addresses of the interfaces (omitted).
# Enable the Telnet server on the switch.
<Switch> system-view
[Switch] telnet server enable
# Configure the switch to use AAA for Telnet users.
[Switch] user-interface vty 0 4
[Switch-ui-vty0-4] authentication-mode scheme
[Switch-ui-vty0-4] quit
# Create HWTACACS scheme hwtac.
[Switch] hwtacacs scheme hwtac
# Specify the primary authentication server.
[Switch-hwtacacs-hwtac] primary authentication 10.1.1.1 49
# Specify the primary authorization server.
[Switch-hwtacacs-hwtac] primary authorization 10.1.1.1 49
# Specify the primary accounting server.
[Switch-hwtacacs-hwtac] primary accounting 10.1.1.1 49
# Set the shared key for authentication, authorization, and accounting packets to expert.