Aaa Configuration Examples; Aaa For Telnet Users By A Hwtacacs Server - H3C S5500-SI Series Operation Manual

Hide thumbs Also See for S5500-SI Series:

Table of Contents

Clear HWTACACS statistics

Clear buffered stop-accounting

requests that get no responses

AAA Configuration Examples

Network requirements

authorization, and accounting services to login users.

The HWTACACS server is used for authentication, authentication, and accounting. Its IP address

is 10.1.1.1.

On the switch, set the shared keys for authentication, authorization, and accounting packets to

expert. Configure the switch to remove the domain name from a user name before sending the

user name to the HWTACACS server.

On the HWTACACS server, set the shared keys for packets exchanged with the switch to expert.

Figure 1-7 Configure AAA for Telnet users by a HWTACACS server

Configuration procedure

# Configure the IP addresses of the interfaces (omitted).

# Enable the Telnet server on the switch.

<Switch> system-view

[Switch] telnet server enable

# Configure the switch to use AAA for Telnet users.

[Switch] user-interface vty 0 4

[Switch-ui-vty0-4] authentication-mode scheme

[Switch-ui-vty0-4] quit

# Configure the HWTACACS scheme.

reset hwtacacs statistics

{ accounting | all | authentication |

authorization }

reset stop-accounting-buffer

hwtacacs-scheme

hwtacacs-scheme-name

1-7, configure the switch to use the HWTACACS server to provide authentication,

Authentication/Accounting server

Use the command...

Available in user view

Table of Contents