3Com S7906E Configuration Manual page 1868

[Switch-ui-vty0-4] quit
# Specify to use HWTACACS authentication and, if HWTACACS authentication is not available, use
local authentication for user level switching authentication.
[Switch] super authentication-mode scheme local
# Create an HWTACACS scheme named hwtac.
[Switch] hwtacacs scheme hwtac
# Specify the IP address for the primary authentication server as 10.1.1.1 and the port for authentication
as 49.
[Switch-hwtacacs-hwtac] primary authentication 10.1.1.1 49
# Set the shared key for authentication packets to expert.
[Switch-hwtacacs-hwtac] key authentication expert
# Specify that usernames sent to the HWTACACS server carry no domain name.
[Switch-hwtacacs-hwtac] user-name-format without-domain
[Switch-hwtacacs-hwtac] quit
# Create ISP domain bbb.
[Switch] domain bbb
# Configure the ISP domain to use local authentication for Telnet users.
[Switch-isp-bbb] authentication login local
# Configure to use HWTACACS scheme hwtac for privilege level switching authentication.
[Switch-isp-bbb] authentication super hwtacacs-scheme hwtac
[Switch-isp-bbb] quit
# Create a local Telnet user named test.
[Switch] local-user test
[Switch-luser-test] service-type telnet
[Switch-luser-test] password simple aabbcc
# Configure the user level of the Telnet user to 0 after user login.
[Switch-luser-test] authorization-attribute level 0
[Switch-luser-test] quit
# Configure the password for local privilege level switching authentication to 654321.
[Switch] super password simple 654321
[Switch] quit
2) Configure the HWTACACS server
The HWTACACS server in this example runs ACSv4.0.
Add a user named tester on the HWTACACS server and configure advanced attributes for the user as
follows:
1-49