z

z

z

Change the server IP address, and the UDP port number of the authentication server to 127.0.0.1, and 1645 respectively in the configuration step "Configure a RADIUS scheme" in Remote RADIUS Authentication of Telnet/SSH Users

Enable the local RADIUS server function, set the IP address and shared key for the network access server to 127.0.0.1 and aabbcc, respectively.

Configure local users.

HWTACACS Authentication and Authorization of Telnet Users

Network requirements

You are required to configure the device so that the Telnet users logging into the switching engine are authenticated and authorized by the TACACS server.

A TACACS server with IP address 10.110.91.164 is connected to the device. This server will be used as the authentication and authorization server. On the device, set both authentication and authorization shared keys that are used to exchange messages with the TACACS server to "expert." Configure the device to strip domain names off user names before sending user names to the TACACS server.

Configure the shared key to “expert” on the TACACS server for exchanging messages with the device.

Figure 2-3Remote HWTACACS authentication and authorization of Telnet users

Authentication server

10. 110.91. 164

Internet

Telnet user

Configuration procedure

#Add a Telnet user. (Omitted here)

#Configure a HWTACACS scheme.

<device> system-view

[device] hwtacacs scheme hwtac

[device-hwtacacs-hwtac] primary authentication 10.110.91.164 49

[device-hwtacacs-hwtac] primary authorization 10.110.91.164 49

[device-hwtacacs-hwtac] key authentication expert

[device-hwtacacs-hwtac] key authorization expert

[device-hwtacacs-hwtac] user-name-format without-domain

[device-hwtacacs-hwtac] quit

# Configure the domain name of the HWTACACS scheme to hwtac.

[device] domain hwtacacs

[device-isp-hwtacacs] scheme hwtacacs-scheme hwtac

2-29

Page 288
Image 288
3Com WX3000 operation manual Hwtacacs Authentication and Authorization of Telnet Users