Displaying and maintaining AAA

To do...: Display the configuration information of ISP domains
Use the command...: display domain [ isp-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

To do...: Display information about user connections
Use the command...: display connection [ access-type { dot1x | mac-authentication | portal } | domain isp-name | interface interface-type interface-number | ip ip-address | mac mac-address | ucibindex ucib-index | user-name user-name | vlan vlan-id ] [ slot slot-number ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

AAA configuration examples
AAA for Telnet users by an HWTACACS server
Network requirements
As shown in Figure 10, configure the switch to use the HWTACACS server to provide authentication,
authorization, and accounting services for Telnet users. Set the shared keys for authentication,
authorization, and accounting packets exchanged with the HWTACACS server to expert. Specify that the
switch remove the domain names in usernames before sending usernames to the HWTACACS server.
Figure 10 Configure AAA for Telnet users by an HWTACACS server
(Diagram labels: Telnet user, Internet, Switch, Authentication/Accounting server 10.1.1.1/24)
Configuration procedure
# Configure the IP addresses of the interfaces (omitted).
# Enable the Telnet server on the switch.
<Switch> system-view
[Switch] telnet server enable
# Configure the switch to use AAA for Telnet users.
[Switch] user-interface vty 0 4
[Switch-ui-vty0-4] authentication-mode scheme
[Switch-ui-vty0-4] quit
# Create HWTACACS scheme hwtac.
[Switch] hwtacacs scheme hwtac
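The following check is an added example, not part of the original guide: it audits a saved configuration for the settings this example calls for (every VTY range using authentication-mode scheme, a shared key for each of authentication, authorization, and accounting, and domain stripping). The sample text is constructed, and the key and user-name-format sub-commands, the MIN_KEY_LEN threshold, and the function names are assumptions that do not appear on this page.

```python
import re

# Constructed sample, grouped by view. The hwtacacs sub-commands (key,
# user-name-format) are assumed Comware syntax; they are not shown on the page.
SAMPLE_CONFIG = """\
telnet server enable
hwtacacs scheme hwtac
 key authentication expert
 key authorization expert
 user-name-format with-domain
user-interface vty 0 4
 authentication-mode scheme
user-interface vty 5 15
 authentication-mode none
"""

MIN_KEY_LEN = 16  # local policy threshold chosen for this example
# The length check is only meaningful for keys stored in plaintext form.
KEY_RE = re.compile(
    r"key (authentication|authorization|accounting) (?:(?:simple|cipher) )?(\S+)$")

def parse_views(text):
    """Group indented lines under the unindented command that opens their view."""
    views = []
    for line in text.splitlines():
        if not line.strip() or line.strip() == "#":
            continue
        if line[0].isspace() and views:
            views[-1][1].append(line.strip())
        else:
            views.append((line.strip(), []))
    return views

def audit(text):
    """Return findings for the VTY and HWTACACS settings the example configures."""
    findings = []
    for header, body in parse_views(text):
        if header.startswith("user-interface vty") and "authentication-mode scheme" not in body:
            findings.append(f"{header}: authentication-mode is not scheme")
        if header.startswith("hwtacacs scheme"):
            keys = dict(m.groups() for m in map(KEY_RE.match, body) if m)
            for service in ("authentication", "authorization", "accounting"):
                if service not in keys:
                    findings.append(f"{header}: no shared key for {service}")
                elif len(keys[service]) < MIN_KEY_LEN:
                    findings.append(f"{header}: {service} key shorter than {MIN_KEY_LEN}")
            if "user-name-format without-domain" not in body:
                findings.append(f"{header}: domain name is not stripped from usernames")
    return findings
```

Calling audit(SAMPLE_CONFIG) returns five findings: two short keys, the missing accounting key, the username format, and the VTY range 5 15 that bypasses AAA.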