Hwtacacs Protocol Configuration Example; Configuring The Ftp/Telnet User Authentication At A Remote Tacacs Server - 3Com 5500-SI Configuration Manual

HWTACACS Protocol
Configuration
Example
Configuring the
FTP/Telnet User
Authentication at a
Remote TACACS Server
Table 684 Displaying and debugging AAA and RADIUS/HWTACACS protocol (continued)
Operation
Reset the statistics of HWTACACS server
Enable RADIUS packet debugging
Disable RADIUS packet debugging
Enable debugging of local RADIUS
authentication server
Disable debugging of local RADIUS
authentication server
Enable HWTACACS debugging
Disable HWTACACS debugging
For the hybrid configuration example of AAA/RADIUS protocol and 802.1x protocol,
refer to Configuration Example in 802.1x Configuration. It will not be detailed here.
Networking requirements
Configure the switch to use a TACACS server to provide AAA services to login users
(see Figure 177).
Connect the switch to one TACACS server (providing the services of authentication
and authorization) with the IP address 10.110.91.164. On the switch, set the shared
key for AAA packet encryption to "expert". Configure the switch to send usernames
to the TACACS server with isp-name removed.
On the TACACS server, set the shared key for encrypting the packets exchanged with
the switch to "expert"; add the usernames and passwords of users.
Networking diagram
See Figure 177.
Networking topology
Figure 177 Configuring the remote RADIUS authentication for Telnet users
telnet user

HWTACACS Protocol Configuration Example 621

Command
reset hwtacacs statistics { accounting |
authentication | authorization | all }
debugging radius packet
undo debugging radius packet
debugging local-server { all | error | event |
packet }
undo debugging local-server { all | error |
event | packet }
debugging hwtacacs { all | error | event |
message | receive-packet | send-packet }
undo debugging hwtacacs { all | error | event
| message | receive-packet | send-packet }
Authentication Servers
( IP address:10.110.91.164 )
Switch
Internet Internet