3Com 4210G Series Configuration Manual page 848

24-port/48-port

Hide thumbs Also See for 4210G Series:

Getting started manual (78 pages)

Table of Contents

Configuration procedure

# Assign an IP address to Device to make Device be reachable from Host A and HWTACACS server

respectively. The configuration is omitted.

# Enable the telnet service on Device.

<Device> system-view

[Device] telnet server enable

# Set to use username and password authentication when users use VTY 0 to log in to Device. The

command that the user can execute depends on the authentication result.

[Device] user-interface vty 0 4

[Device-ui-vty0-4] authentication-mode scheme

# Enable command authorization to restrict the command level for login users.

[Device-ui-vty0-4] command authorization

[Device-ui-vty0-4] quit

# Create a HWTACACS scheme named tac and configure the IP address and TCP port for the primary

authorization server for the scheme. Ensure that the port number be consistent with that on the

HWTACACS server. Set the shared key for authentication packets to expert for the scheme and the

HWTACACS server type of the scheme to standard. Specify Device to remove the domain name in

the username sent to the HWTACACS server for the scheme.

[Device] hwtacacs scheme tac

[Device-hwtacacs-tac] primary authentication 192.168.2.20 49

[Device-hwtacacs-tac] primary authorization 192.168.2.20 49

[Device-hwtacacs-tac] key authentication expert

[Device-hwtacacs-tac] key authorization expert

[Device-hwtacacs-tac] server-type standard

[Device-hwtacacs-tac] user-name-format without-domain

[Device-hwtacacs-tac] quit

# Configure the default ISP domain system to use HWTACACS scheme tac for login users and use

local authorization as the backup.

[Device] domain system

[Device-isp-system] authentication login hwtacacs-scheme tac local

[Device-isp-system] authorization command hwtacacs-scheme tac local

[Device-isp-system] quit

# Add a local user named monitor, set the user password to 123, and specify to display the password

in cipher text. Authorize user monitor to use the telnet service and specify the level of the user as 1,

that is, the monitor level.

[Device] local-user monitor

[Device-luser-admin] password cipher 123

[Device-luser-admin] service-type telnet

[Device-luser-admin] authorization-attribute level 1

Show Quick Links

Quick Links:
Configuration Guide

Chapters

Table of Contents

Troubleshooting

4210g nt 4210g pwr

3Com 4210G Series Configuration Manual page 848

Hide quick links:

Chapters

Troubleshooting

Related Manuals for 3Com 4210G Series

Related Products for 3Com 4210G Series

This manual is also suitable for:

Table of Contents