3Com S7906E Configuration Manual page 2317

S7900e family release 6600 series

Hide thumbs Also See for S7906E:

Command reference manual (2327 pages)

Getting started manual (155 pages)

Datasheet (8 pages)

Table of Contents

Configuration procedure

# Assign an IP address to Device to make Device be reachable from Host A and HWTACACS server

respectively. The configuration is omitted.

# Enable the telnet service on Device.

<Device> system-view

[Device] telnet server enable

# Set to use username and password authentication when users use VTY 0 to log in to Device. The

command that the user can execute depends on the authentication result.

[Device] user-interface vty 0 4

[Device-ui-vty0-4] authentication-mode scheme

# Enable command authorization to restrict the command level for login users.

[Device-ui-vty0-4] command authorization

[Device-ui-vty0-4] quit

# Create a HWTACACS scheme named tac and configure the IP address and TCP port for the primary

authorization server for the scheme. Ensure that the port number be consistent with that on the

HWTACACS server. Set the shared key for authentication packets to expert for the scheme and the

HWTACACS server type of the scheme to standard. Specify Device to remove the domain name in the

username sent to the HWTACACS server for the scheme.

[Device] hwtacacs scheme tac

[Device-hwtacacs-tac] primary authentication 192.168.2.20 49

[Device-hwtacacs-tac] primary authorization 192.168.2.20 49

[Device-hwtacacs-tac] key authentication expert

[Device-hwtacacs-tac] key authorization expert

[Device-hwtacacs-tac] server-type standard

[Device-hwtacacs-tac] user-name-format without-domain

[Device-hwtacacs-tac] quit

# Configure the default ISP domain system to use HWTACACS scheme tac for login users and use

local authorization as the backup.

[Device] domain system

[Device-isp-system] authentication login hwtacacs-scheme tac local

[Device-isp-system] authorization command hwtacacs-scheme tac local

[Device-isp-system] quit

# Add a local user named monitor, set the user password to 123, and specify to display the password in

cipher text. Authorize user monitor to use the telnet service and specify the level of the user as 1, that

is, the monitor level.

[Device] local-user monitor

[Device-luser-admin] password cipher 123

[Device-luser-admin] service-type telnet

[Device-luser-admin] authorization-attribute level 1

Show Quick Links

Quick Links:
Configuration Guide

Chapters

Table of Contents

Troubleshooting

S7910e S7906e-v S7903e S7903e-s S7902e

3Com S7906E Configuration Manual page 2317

Hide quick links:

Chapters

Troubleshooting

Related Manuals for 3Com S7906E

Related Products for 3Com S7906E

This manual is also suitable for:

Table of Contents