Aaa Configuration Examples; Aaa For Telnet Users By A Hwtacacs Server - H3C S5120-EI Series Operation Manual

To do...
Display information about
buffered stop-accounting
requests that get no responses
Clear HWTACACS statistics
Clear buffered stop-accounting
requests that get no responses

AAA Configuration Examples

AAA for Telnet Users by a HWTACACS Server

Network requirements
As shown in Figure
authorization, and accounting services to login users.
The HWTACACS server is used for authentication, authentication, and accounting. Its IP address
is 10.1.1.1.
On the switch, set the shared keys for authentication, authorization, and accounting packets to
expert. Configure the switch to remove the domain name from a user name before sending the
user name to the HWTACACS server.
On the HWTACACS server, set the shared keys for packets exchanged with the switch to expert.
Figure 1-7 Configure AAA for Telnet users by a HWTACACS server
Telnet user
Configuration procedure
# Configure the IP addresses of the interfaces (omitted).
# Enable the Telnet server on the switch.
<Switch> system-view
[Switch] telnet server enable
# Configure the switch to use AAA for Telnet users.
[Switch] user-interface vty 0 4
[Switch-ui-vty0-4] authentication-mode scheme
display stop-accounting-buffer
hwtacacs-scheme
hwtacacs-scheme-name [ slot
slot-number ]
reset hwtacacs statistics
{ accounting | all | authentication |
authorization } [ slot slot-number ]
reset stop-accounting-buffer
hwtacacs-scheme
hwtacacs-scheme-name [ slot
slot-number ]
1-7, configure the switch to use the HWTACACS server to provide authentication,
Authentication/Accounting server
10.1.1.1/24
Switch
Use the command...
Internet
1-35
Remarks
Available in any view
Available in user view
Available in user view