Configuration procedure – H3C Technologies H3C S12500 Series Switches User Manual
Figure 24 Network diagram
Configuration procedure
# Enable the Telnet service on the switch.
<Sysname> system-view
[Sysname] telnet server enable
# Enable command accounting for users logging in through the console port.
[Sysname] user-interface console 0
[Sysname-ui-console0] command accounting
[Sysname-ui-console0] quit
# Enable command accounting for users logging in through Telnet or SSH.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] command accounting
[Sysname-ui-vty0-4] quit
# Create an HWTACACS scheme named tac and configure the IP address and TCP port for the primary
accounting server for the scheme. Make sure that the port number is consistent with that on the
HWTACACS server. Set the shared key for accounting packets to expert for the scheme. Configure
the switch to remove the domain name from the username sent to the HWTACACS server.
[Sysname] hwtacacs scheme tac
[Sysname-hwtacacs-tac] primary accounting 192.168.2.20 49
[Sysname-hwtacacs-tac] key accounting expert
[Sysname-hwtacacs-tac] user-name-format without-domain
[Sysname-hwtacacs-tac] quit
# Create ISP domain system, and configure the ISP domain to use HWTACACS scheme tac for
accounting of command line users.
[Sysname] domain system
[Sysname-isp-system] accounting command hwtacacs-scheme tac
[Sysname-isp-system] quit
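Added example, not part of the H3C manual: a Python check that audits configuration text for the gaps this procedure closes (a user interface without command accounting, or a referenced HWTACACS scheme that is undefined or lacks its accounting server or key). The sample text, its indented layout, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample, not device output: the page's commands with view commands
# flush left and sub-commands indented. The vty view lacks "command accounting".
SAMPLE = """\
user-interface console 0
 command accounting
user-interface vty 0 4
hwtacacs scheme tac
 primary accounting 192.168.2.20 49
 key accounting expert
domain system
 accounting command hwtacacs-scheme tac
"""

def parse_views(text):
    """Group indented sub-commands under the view command above them."""
    views, current = {}, None
    for line in text.splitlines():
        if line.strip() in ("", "#"):
            continue
        if line[0].isspace():
            if current is not None:
                views[current].append(line.strip())
        else:
            current = line.strip()
            views.setdefault(current, [])
    return views

def audit(text):
    """Return the gaps that would leave typed commands unrecorded."""
    views, gaps, refs = parse_views(text), [], []
    for name, cmds in views.items():
        if name.startswith("user-interface ") and "command accounting" not in cmds:
            gaps.append(f"{name}: command accounting not enabled")
        if name.startswith("domain "):
            refs += re.findall(r"^accounting command hwtacacs-scheme (\S+)$",
                               "\n".join(cmds), re.M)
    if not refs:
        gaps.append("no domain sends command accounting to an HWTACACS scheme")
    for ref in refs:
        cmds = views.get(f"hwtacacs scheme {ref}")
        if cmds is None:
            gaps.append(f"scheme {ref}: referenced but not defined")
            continue
        for needed in ("primary accounting ", "key accounting "):
            if not any(c.startswith(needed) for c in cmds):
                gaps.append(f"scheme {ref}: missing '{needed.strip()}'")
    return gaps
```

Calling `audit(SAMPLE)` reports the vty user interface, the one path in the sample where typed commands would not reach the accounting server.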
[Figure 24 labels: Host A, Host B, Host C, Switch, HWTACACS server, console connection, Intranet, Internet; addresses shown: 192.168.2.20/24, 192.168.1.20/24, 10.10.10.10/24]