3Com MSR 50 Series Configuration Manual page 1784

1784 C 93: AAA/RADIUS/HWTACACS C
HAPTER ONFIGURATION
[Router] user-interface vty 0 4
[Router-ui-vty0-4] authentication-mode scheme
[Router-ui-vty0-4] quit
# Create local user named telnet.
[Router] local-user telnet
[Router-luser-telnet] service-type telnet
[Router-luser-telnet] password simple aabbcc
[Router-luser-telnet] quit
# Configure the AAA schemes the ISP domain as local authentication,
authorization and accounting.
[Router] domain system
[Router-isp-system] authentication login local
[Router-isp-system] authorization login local
[Router-isp-system] accounting login local
[Router-isp-system] quit
# You can achieve the same purpose by setting the default AAA schemes for all
types of users.
[Router-isp-system] authentication default local
[Router-isp-system] authorization default local
[Router-isp-system] accounting default local
A user telnetting into the router can use the user name of userid @system for local
authentication.
AAA for PPP Users by a Network requirements
HWTACACS Server
As shown in Figure 519, configure the router to use the HWTACACS server to
assign IP addresses and provide authentication, authorization, and accounting
services to PPP users.
The HWTACACS server is used for authentication, authentication, and accounting.
Its IP address is 10.1.1.1.
On the router, set the shared keys for authentication, authorization, and
accounting packets to expert. Configure the router to remove the domain name
from a user name before sending the user name to the TACACS server.
On the HWTACACS server, set the shared keys for packets exchanged with the
router to expert and add the PPP user names and login passwords.