Configuration procedure – H3C Technologies H3C S7500E Series Switches User Manual


Figure 3-2 Configure AAA by separate servers for Telnet users

Configuration procedure

# Configure the IP addresses of various interfaces (omitted).

# Enable the Telnet server on the switch.

<Switch> system-view

[Switch] telnet server enable

# Configure the switch to use AAA for Telnet users.

[Switch] user-interface vty 0 4

[Switch-ui-vty0-4] authentication-mode scheme

[Switch-ui-vty0-4] quit

# Configure the HWTACACS scheme.

[Switch] hwtacacs scheme hwtac

[Switch-hwtacacs-hwtac] primary authorization 10.1.1.2 49

[Switch-hwtacacs-hwtac] key authorization expert

[Switch-hwtacacs-hwtac] user-name-format without-domain

[Switch-hwtacacs-hwtac] quit

# Configure the RADIUS scheme.

[Switch] radius scheme rd

[Switch-radius-rd] primary accounting 10.1.1.1 1813

[Switch-radius-rd] key accounting expert

[Switch-radius-rd] server-type extended

[Switch-radius-rd] user-name-format without-domain

[Switch-radius-rd] quit

# Create a local user named hello.

[Switch] local-user hello

[Switch-luser-hello] service-type telnet

[Switch-luser-hello] password simple hello

[Switch-luser-hello] quit

# Configure the AAA methods for the ISP domain.

[Switch] domain bbb

[Switch-isp-bbb] authentication login local

[Switch-isp-bbb] authorization login hwtacacs-scheme hwtac

[Switch-isp-bbb] accounting login radius-scheme rd

[Switch-isp-bbb] quit

You can achieve the same result by setting default AAA methods for all types of users in domain bbb.

[Switch] domain bbb

[Switch-isp-bbb] authentication default local
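
An added example, not part of the H3C manual: a Python check that reads the commands of this procedure, reports which server handles each AAA function for domain bbb, and flags the weak settings visible in it (Telnet, a `simple` password equal to the user name, one shared key on both servers). The function name `audit` and its finding strings are hypothetical, and the transcript is a constructed copy of the commands above.

```python
import re
# Constructed input: the commands from the procedure above (quit lines dropped).
TRANSCRIPT = """\
[Switch] telnet server enable
[Switch] hwtacacs scheme hwtac
[Switch-hwtacacs-hwtac] primary authorization 10.1.1.2 49
[Switch-hwtacacs-hwtac] key authorization expert
[Switch] radius scheme rd
[Switch-radius-rd] primary accounting 10.1.1.1 1813
[Switch-radius-rd] key accounting expert
[Switch] local-user hello
[Switch-luser-hello] password simple hello
[Switch] domain bbb
[Switch-isp-bbb] authentication login local
[Switch-isp-bbb] authorization login hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting login radius-scheme rd
"""
AAA = ("authentication", "authorization", "accounting")

def audit(transcript):
    """Return (aaa_map, findings); audit() is a hypothetical helper, not an H3C tool."""
    servers, keys, aaa, findings = {}, {}, {}, []
    ctx = None  # name of the scheme, user or domain whose view we are in
    for line in transcript.splitlines():
        m = re.match(r"[<\[][\w-]+[>\]]\s*(.+)", line.strip())
        w = m.group(1).split() if m else [""]
        if w[:3] == ["telnet", "server", "enable"]:
            findings.append("telnet enabled: logins cross the network unencrypted")
        elif len(w) == 3 and w[1] == "scheme":        # hwtacacs|radius scheme NAME
            ctx = w[2]
        elif w[0] in ("local-user", "domain") and len(w) == 2:
            ctx = w[1]
        elif w[0] == "primary" and len(w) >= 3:       # primary FUNCTION IP [PORT]
            servers[(ctx, w[1])] = w[2]
        elif w[0] == "key" and len(w) == 3:           # key FUNCTION SECRET
            keys.setdefault(w[2], []).append(f"{ctx}/{w[1]}")
        elif w[:2] == ["password", "simple"] and len(w) == 3:
            findings.append(f"user {ctx}: password entered with the simple (plaintext) keyword")
            if w[2] == ctx:
                findings.append(f"user {ctx}: password equals the user name")
        elif w[0] in AAA and len(w) >= 3:             # FUNCTION login|default METHOD [SCHEME]
            aaa[(ctx, w[0])] = servers.get((w[-1], w[0]), w[-1])
    for uses in keys.values():
        if len(uses) > 1:
            findings.append("same shared key on " + " and ".join(uses))
    return aaa, findings

if __name__ == "__main__":
    print(*audit(TRANSCRIPT), sep="\n")
```

The returned map makes the split explicit: authentication stays on the switch's local user database, while authorization and accounting go to 10.1.1.2 and 10.1.1.1 respectively.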
