Configuration example
Network requirements
To monitor and control user operations on the device in
commands executed by users to the HWTACACS server.
Figure 23 Network diagram
Configuration procedure
# Enable the Telnet server.
<Device> system-view
[Device] telnet server enable
# Enable command accounting for user line AUX 0.
[Device] line aux 0
[Device-line-aux0] command accounting
[Device-line-aux0] quit
# Enable command accounting for user lines VTY 0 through VTY 63.
[Device] line vty 0 63
[Device-line-vty0-63] command accounting
[Device-line-vty0-63] quit
# Configure an HWTACACS scheme that does the following:
•
Uses the HWTACACS server at 192.168.2.20:49 for accounting. In this example, the HWTACACS
server provides accounting services at port 49.
Uses the shared key expert.
•
•
Removes domain names from usernames sent to the HWTACACS server.
[Device] hwtacacs scheme tac
[Device-hwtacacs-tac] primary accounting 192.168.2.20 49
[Device-hwtacacs-tac] key accounting expert
Figure
50
23, configure the device to send