Tacacs Authentication/Authorization And Accounting Of Telnet Users - H3C S3610 Series Operation Manual

Operation Manual – AAA & RADIUS & HWTACACS
H3C S3610&S5510 Series Ethernet Switches
This method is similar to the remote authentication method described in section 1.7.1
The differences are as follows:
You need to change the server IP address in the configuration step "Configure a
RADIUS scheme" in section 1.7.1 to 127.0.0.1 and change the UDP port number
for authentication to 1645.
Enable the local RADIUS server and set the IP address of the network access
server to 127.0.0.1 and shared key to expert.
Configure local users.

1.7.3 TACACS Authentication/Authorization and Accounting of Telnet Users

I. Network requirements
You are required to configure the switch so that the Telnet users logging in to the
TACACS server are authenticated, authorized and accounted. Configure the switch to
A TACACS server with IP address 10.110.91.164 is connected to the switch. This
server will be used as the AAA server. On the switch, set the shared key that is used to
exchange packets with the AAA TACACS server to "expert". Configure the switch to
strip off the domain name in the user name to be sent to the TACACS server.
Configure the shared key to "expert" on the TACACS server for exchanging packets
with the switch.
II. Networking diagram
telnet user
Figure 1-9 Remote HWTACACS authentication authorization and accounting of Telne
users
III. Configuration procedure
# Enable Telnet server
<Sysname> system-view
[Sysname] telnet server enable
# Configure Telnet users to use AAA scheme
Authentication
(IP address:10.1
Switch
1-46
Chapter 1 AAA & RADIUS & HWTACAC
Servers
10.91.164)
Internet
S Configuration
t