Инструкции По Установке для 3com S7906E

 

1-42 

[Switch-hwtacacs-hwtac] key authentication expert 

[Switch-hwtacacs-hwtac] key authorization expert 

[Switch-hwtacacs-hwtac] key accounting expert 

# Specify that a username sent to the RADIUS server carries no domain name. 

[Switch-hwtacacs-hwtac] user-name-format without-domain 

[Switch-hwtacacs-hwtac] quit  

# Configure the AAA methods for the domain.  

[Switch] domain bbb 

[Switch-isp-bbb] authentication login hwtacacs-scheme hwtac 

[Switch-isp-bbb] authorization login hwtacacs-scheme hwtac 

[Switch-isp-bbb] accounting login hwtacacs-scheme hwtac 

[Switch-isp-bbb] quit 

# You can achieve the same result by setting default AAA methods for all types of users. 

[Switch] domain bbb 

[Switch-isp-bbb] authentication default hwtacacs-scheme hwtac 

[Switch-isp-bbb] authorization default hwtacacs-scheme hwtac 

[Switch-isp-bbb] accounting default hwtacacs-scheme hwtac 

When telneting into the switch, a user enters username userid@bbb for authentication using domain 

bbb. 

As shown in 

, configure the switch to provide local authentication, HWTACACS 

authorization, and RADIUS accounting services to Telnet users. The user name and the password for 

Telnet users are both hello. 

z 

The HWTACACS server is used for authorization. Its IP address is 10.1.1.2. On the switch, set the 

shared keys for packets exchanged with the HWTACACS server to expert. Configure the switch to 

remove the domain name from a user name before sending the user name to the HWTACACS 

server. 

z 

The RADIUS server is used for accounting. Its IP address is 10.1.1.1. On the switch, set the shared 

keys for packets exchanged with the RADIUS server to expert.  

 

Configuration of separate AAA for other types of users is similar to that given in this example. The only 

difference lies in the access type.