HP 3600 v2 Series Configuration Manual page 72


# Use HWTACACS authentication for user level switching authentication and, if HWTACACS authentication is not available, use local authentication.
[Switch] super authentication-mode scheme local
# Create an HWTACACS scheme named hwtac.
[Switch] hwtacacs scheme hwtac
# Specify the IP address for the primary authentication server as 10.1.1.1 and the port for authentication as 49.
[Switch-hwtacacs-hwtac] primary authentication 10.1.1.1 49
# Set the shared key for secure authentication communication to expert.
[Switch-hwtacacs-hwtac] key authentication simple expert
# Configure the scheme to remove the domain name from a username before sending the username to the HWTACACS server.
[Switch-hwtacacs-hwtac] user-name-format without-domain
[Switch-hwtacacs-hwtac] quit
# Create ISP domain bbb.
[Switch] domain bbb
# Configure the ISP domain to use local authentication for Telnet users.
[Switch-isp-bbb] authentication login local
# Configure the ISP domain to use HWTACACS scheme hwtac for privilege level switching authentication.
[Switch-isp-bbb] authentication super hwtacacs-scheme hwtac
[Switch-isp-bbb] quit
# Create a local Telnet user named test.
[Switch] local-user test
[Switch-luser-test] service-type telnet
[Switch-luser-test] password simple aabbcc
# Configure the user level of the Telnet user to 0 after user login.
[Switch-luser-test] authorization-attribute level 0
[Switch-luser-test] quit
# Configure the password for local privilege level switching authentication to 654321.
[Switch] super password simple 654321
[Switch] quit
2. Configure the HWTACACS server:
NOTE: The HWTACACS server in this example runs ACSv4.0.
Add a user named test on the HWTACACS server and configure advanced attributes for the user as shown in Figure 17:
Select Max Privilege for any AAA Client and set the privilege level to level 3. This setting requires the user to enter the password when switching to level 1, level 2, or level 3.
Select Use separate password and specify the password as enabpass.
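The switch-side commands above enter every secret with the simple (plaintext) keyword, expose the test user over Telnet, and fall back to the local super password when the HWTACACS server is unreachable. The following Python check is an added example, not part of the HP manual: it flags those three conditions in a saved command listing. The rule set and the names `RULES` and `audit` are assumptions of this example, and the sample input is constructed from the commands on this page.

```python
import re

# Constructed sample: the switch-side commands from the example above.
SAMPLE = """\
[Switch] super authentication-mode scheme local
[Switch-hwtacacs-hwtac] primary authentication 10.1.1.1 49
[Switch-hwtacacs-hwtac] key authentication simple expert
[Switch-isp-bbb] authentication login local
[Switch-isp-bbb] authentication super hwtacacs-scheme hwtac
[Switch-luser-test] service-type telnet
[Switch-luser-test] password simple aabbcc
[Switch-luser-test] authorization-attribute level 0
[Switch] super password simple 654321
"""

# Strips a leading CLI prompt such as "[Switch-luser-test]" or "<Switch>".
PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")

# (rule id, pattern on the bare command, reason). Assumed review rules, not HP guidance.
RULES = [
    ("plaintext-secret",
     re.compile(r"^(?:password|super password|key \w+) simple \S+"),
     "secret is entered in plaintext form (simple keyword)"),
    ("telnet-service",
     re.compile(r"^service-type\b.*\btelnet\b"),
     "Telnet carries login and super passwords unencrypted"),
    ("local-fallback",
     re.compile(r"^super authentication-mode scheme local$"),
     "local super password is used when HWTACACS is not available"),
]

def audit(config_text):
    """Return (line_no, rule_id, redacted_command, reason) for each finding."""
    findings = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        cmd = PROMPT.sub("", raw).strip()
        if not cmd or cmd.startswith("#"):
            continue  # skip blank lines and the manual's "#" description lines
        for rule_id, pattern, reason in RULES:
            if pattern.search(cmd):
                # Redact the secret so the report does not repeat it.
                shown = re.sub(r"(\bsimple )\S+", r"\1<redacted>", cmd)
                findings.append((n, rule_id, shown, reason))
    return findings

if __name__ == "__main__":
    for n, rule_id, cmd, reason in audit(SAMPLE):
        print(f"line {n}: [{rule_id}] {cmd} -> {reason}")
```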
