Configuring Authentication At Remote Tacacs Server - H3C S9500 Series Operation Manual
Routing switches
Hide thumbs
Also See for S9500 Series:
- Command manual (1842 pages) ,
- Operation manual (1504 pages) ,
- Operating manual (76 pages)
Table of Contents
Advertisement
Operation Manual – Security
H3C S9500 Series Routing Switches
2.6.3 Configuring Authentication at Remote TACACS Server
I. Network requirements
Configure the switch to use a TACACS server to provide authentication and
authorization services to login users (see the following figure).
Connect the switch to one TACACS server (which acting as a AAA server) with the IP
address 10.110.91.164. On the switch, set the shared key for AAA packet encryption to
"expert". Configure the switch to send usernames to the TACACS server with isp-name
removed.
On the TACACS server, set the shared key for encrypting the packets exchanged with
the switch to "expert" .
II. Network diagram
telnet user
Figure 2-5 Network diagram for TACACS authentication
III. Configuration procedure
# Configure the Telnet user.
Here it is omitted.
Note:
The configuration of the FTP and Telnet users can refer to User Interface
Configuration of Getting Started Operation part in S9500 Series Routing Switches
Operation Manual.
# Configure a HWTACACS scheme.
[H3C] hwtacacs scheme hwtac
[H3C-hwtacacs-hwtac] primary authentication 10.110.91.164
Chapter 2 AAA and RADIUS/HWTACACS
Authentication Servers
( IP address:10.110.91.164 )
Switch
2-37
Protocol Configuration
Internet
Internet
Advertisement
Chapters
Table of Contents
Troubleshooting
