Command authorization configuration example, Network requirements, Configuration procedure – H3C Technologies H3C S12500 Series Switches User Manual

Page 72


scheme to extended. Configure the switch to remove the domain name in the username sent to the RADIUS server.

[Sysname] radius scheme rad
[Sysname-radius-rad] primary authentication 192.168.2.20 1812
[Sysname-radius-rad] key authentication expert
[Sysname-radius-rad] server-type extended
[Sysname-radius-rad] user-name-format without-domain
[Sysname-radius-rad] quit

# Configure the default ISP domain system to use RADIUS scheme rad for login users and use local
authentication as the backup.

[Sysname] domain system
[Sysname-isp-system] authentication login radius-scheme rad local
[Sysname-isp-system] authorization login radius-scheme rad local
[Sysname-isp-system] quit

# Add a local user named monitor, set the user password to 123, and specify that the password is displayed in cipher text. Authorize user monitor to use the Telnet service and set the user level to 1, the monitor level.

[Sysname] local-user monitor
[Sysname-luser-monitor] password cipher 123
[Sysname-luser-monitor] service-type telnet
[Sysname-luser-monitor] authorization-attribute level 1
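
The following Python check is an added example, not part of the H3C manual: it groups a typed-command transcript like the one above by the view named in each prompt, then reports a domain that references an undefined RADIUS scheme, a local backup with no local user behind it, short secrets, and Telnet as the login service. The function names, the 12-character minimum and the hyphen-free hostname are assumptions; the secrets are checked as typed, not as stored in a saved configuration.

```python
import re

# Constructed input: security-relevant commands of the example above, as typed.
SAMPLE = """\
[Sysname] radius scheme rad
[Sysname-radius-rad] primary authentication 192.168.2.20 1812
[Sysname-radius-rad] key authentication expert
[Sysname-radius-rad] quit
[Sysname] domain system
[Sysname-isp-system] authentication login radius-scheme rad local
[Sysname-isp-system] authorization login radius-scheme rad local
[Sysname-isp-system] quit
[Sysname] local-user monitor
[Sysname-luser-monitor] password cipher 123
[Sysname-luser-monitor] service-type telnet
"""
PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s+(?P<cmd>.+)$")
MIN_SECRET_LEN = 12  # assumed site policy, not an H3C value

def parse(transcript):
    """Map each view named in a prompt (e.g. 'Sysname-radius-rad') to its commands."""
    views = {}
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if m and m["cmd"] != "quit":
            views.setdefault(m["view"], []).append(m["cmd"].split())
    return views

def audit(transcript):
    views = parse(transcript)
    top = [c for v, cmds in views.items() if "-" not in v for c in cmds]  # system view
    schemes = {c[2] for c in top if c[:2] == ["radius", "scheme"] and len(c) > 2}
    users = {c[1] for c in top if c[0] == "local-user" and len(c) > 1}
    out = []
    for view, cmds in views.items():
        for c in cmds:
            if "-isp-" in view and "radius-scheme" in c[:-1]:
                name = c[c.index("radius-scheme") + 1]
                if name not in schemes:
                    out.append(f"{view}: RADIUS scheme '{name}' is not defined")
                if c[-1] == "local" and not users:
                    out.append(f"{view}: local backup but no local user")
            elif "-radius-" in view and c[:2] == ["key", "authentication"] and len(c[-1]) < MIN_SECRET_LEN:
                out.append(f"{view}: short RADIUS shared key")
            elif "-luser-" in view and c[0] == "password" and len(c[-1]) < MIN_SECRET_LEN:
                out.append(f"{view}: short local password")
            elif "-luser-" in view and c[:2] == ["service-type", "telnet"]:
                out.append(f"{view}: Telnet carries the login in cleartext")
    return out
```
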

Command authorization configuration example

Network requirements

As shown in Figure 23, configure the switch to use the HWTACACS server to authenticate and perform command line authorization for users accessing the VTY interfaces 0 through 4, and use local authentication and authorization as the backup.

Figure 23 Network diagram

Configuration procedure

# Assign an IP address to the switch so that the switch and Host A, and the switch and the HWTACACS server can reach each other. (Details not shown.)
# Enable the Telnet service on the switch.

<Sysname> system-view

[Figure 23 labels: Host A, IP network, Switch, HWTACACS server 192.168.2.20/24]
