Aaa For Telnet Users By Separate Servers - H3C S5500-EI series Operation Manual

Operation Manual – AAA RADIUS HWTACACS
H3C S5500-EI Series Ethernet Switches
[Switch-isp-1] authentication default hwtacacs-scheme hwtac
[Switch-isp-1] authorization default hwtacacs-scheme hwtac
[Switch-isp-1] accounting default hwtacacs-scheme hwtac
[Switch-isp-hwtacacs] accounting default hwtacacs-scheme hwtac

1.7.2 AAA for Telnet Users by Separate Servers

I. Network requirements
As shown in
HWTACACS authorization, and RADIUS accounting services to Telnet users. The user
name and the password for Telnet users are both telnet.
The HWTACACS server is used for authorization. Its IP address is 10.1.1.2. On the
switch, set the shared keys for packets exchanged with the TACACS server to expert.
Configure the switch to remove the domain name from a user name before sending the
user name to the HWTACACS server.
The RADIUS server is used for accounting. Its IP address is 10.1.1.1. On the switch,
set the shared keys for packets exchanged with the RADIUS server to expert.
Configure the switch to remove the domain name from a user name before sending the
user name to the HWTACACS server.
Note:
Configuration of separate AAA for other types of users is similar to that given in this
example. The only difference lies in the access type.
II. Network diagram
Figure 1-8 Configure AAA by separate servers for Telnet users
III. Configuration procedure
# Configure the IP addresses of various interfaces (omitted).
Figure 1-8, configure the switch to provide local authentication,
1-42
Chapter 1 AAA/RADIUS/HWTACACS
Configuration