3Com 7757 Configuration Manual page 540

540 C 49: AAA & RADIUS & HWTACACS C
HAPTER
TACACS Authentication,
Authorization, and
Accounting of Telnet
Users
ONFIGURATION
[SW7750] domain system
[SW7750-isp-system] scheme local
A Telnet user logging into the switch with the name telnet@system belongs to the
system domain and will be authenticated according to the configuration of the
system domain.
Method 2: using a local RADIUS server
This method is similar to the remote authentication method described in "Remote
RADIUS Authentication of Telnet/SSH Users" on page 537. You only need to
change the server IP address, the authentication password, and the UDP port
number for authentication service in configuration step "Configure a RADIUS
scheme" in "Remote RADIUS Authentication of Telnet/SSH Users" on page 537 to
127.0.0.1, expert, and 1645 respectively, and configure local users (whether the
name of local user carries domain name should be consistent with the
configuration in RADIUS scheme).
Network requirements
You are required to configure the switch so that the Telnet users logging in to the
TACACS server are authenticated, authorized, and accounted. Configure the
switch to A TACACS server with IP address 10.1.1.1 is connected to the switch.
This server will be used as the AAA server. On the switch, set the shared key that is
used to exchange packets with the AAA TACACS server to "expert". Configure
the switch to strip off the domain name in the user name to be sent to the
TACACS server.
Configure the shared key to "expert" on the TACACS server for exchanging
packets with the switch.
Network diagram
Figure 135 Remote authentication and authorization of Telnet users
Telnet user
Configuration procedure
# Add a Telnet user.
Omitted here
# Configure a HWTACACS scheme.
<SW7750> system-view
[SW7750] hwtacacs scheme hwtac
[SW7750-hwtacacs-hwtac] primary accounting 10.1.1.1 49
Authentication servers
10.1.1.1/24
Internet