3Com S7906E Configuration Manual page 1867

Figure 1-14 Configure HWTACACS authentication for level switching users
Vlan-int2
192.168.1.70/24
Telnet user
192.168.1.58/24
Configuration considerations
1) Configure the switch to use AAA, particularly, local authentication for Telnet user authentication.
Create ISP domain bbb and configure it to use local authentication for Telnet user.
Create a local user account, configure the password, and assign the privilege level for the user to
enjoy after login.
2) On the switch, configure the authentication method for user privilege level switching
Specify to use HWTACACS authentication and, if HWTACACS authentication is not available, use
local authentication for user level switching authentication.
Configure HWTACACS scheme hwtac and assign an IP address to the HWTACACS server. Set
the shared keys for message exchange and specify that usernames sent to the HWTACACS
server carry no domain name. Configure the domain to use the HWTACACS scheme hwtac for
user privilege level switching authentication.
Configure the password for local privilege level switching authentication.
3) On the HWTACACS server, add the username and password for user privilege level switching
authentication.
Configuration procedure
1) Configure the switch
# Configure the IP address of VLAN-interface 2, through which the Telnet user accesses the switch.
<Switch> system-view
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0
[Switch-Vlan-interface2] quit
# Configure the IP address of VLAN-interface 3, through which the switch communicates with the
server.
[Switch] interface vlan-interface 3
[Switch-Vlan-interface3] ip address 10.1.1.2 255.255.255.0
[Switch-Vlan-interface3] quit
# Enable the switch to provide Telnet service.
[Switch] telnet server enable
# Configure the switch to use AAA for Telnet users.
[Switch] user-interface vty 0 4
[Switch-ui-vty0-4] authentication-mode scheme
HWTACACS server
10.1.1.1/24
Vlan-int3
10.1.1.2/24
Switch
1-48
Internet