Инструкции По Установке для 3com S7906E
1-42
[Switch-hwtacacs-hwtac] key authentication expert
[Switch-hwtacacs-hwtac] key authorization expert
[Switch-hwtacacs-hwtac] key accounting expert
# Specify that a username sent to the RADIUS server carries no domain name.
[Switch-hwtacacs-hwtac] user-name-format without-domain
[Switch-hwtacacs-hwtac] quit
# Configure the AAA methods for the domain.
[Switch] domain bbb
[Switch-isp-bbb] authentication login hwtacacs-scheme hwtac
[Switch-isp-bbb] authorization login hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting login hwtacacs-scheme hwtac
[Switch-isp-bbb] quit
# You can achieve the same result by setting default AAA methods for all types of users.
[Switch] domain bbb
[Switch-isp-bbb] authentication default hwtacacs-scheme hwtac
[Switch-isp-bbb] authorization default hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting default hwtacacs-scheme hwtac
When telneting into the switch, a user enters username userid@bbb for authentication using domain
bbb.
AAA for Telnet Users by Separate Servers
Network requirements
As shown in
, configure the switch to provide local authentication, HWTACACS
authorization, and RADIUS accounting services to Telnet users. The user name and the password for
Telnet users are both hello.
z
The HWTACACS server is used for authorization. Its IP address is 10.1.1.2. On the switch, set the
shared keys for packets exchanged with the HWTACACS server to expert. Configure the switch to
remove the domain name from a user name before sending the user name to the HWTACACS
server.
z
The RADIUS server is used for accounting. Its IP address is 10.1.1.1. On the switch, set the shared
keys for packets exchanged with the RADIUS server to expert.
Configuration of separate AAA for other types of users is similar to that given in this example. The only
difference lies in the access type.