H3C Technologies H3C WX3000 Series Unified Switches User Manual

Page 278


Configuration procedure

Method 1: Using a local authentication scheme

# Enter system view.

<device> system-view

# Adopt AAA authentication for Telnet users.

[device] user-interface vty 0 4

[device-ui-vty0-4] authentication-mode scheme

[device-ui-vty0-4] quit

# Create and configure a local user named "telnet".

[device] local-user telnet

[device-luser-telnet] service-type telnet

[device-luser-telnet] password simple aabbcc

[device-luser-telnet] quit

# Configure an authentication scheme for the default “system” domain.

[device] domain system

[device-isp-system] scheme local

A Telnet user logging into the device with the name telnet@system belongs to the "system" domain and
will be authenticated according to the configuration of the "system" domain.
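As an added example (not from the H3C manual): a Python check that reads a CLI transcript in the prompt format used above and reports local users given a `password simple` credential, which the device keeps readable in its configuration, local users enabled for Telnet login, and VTY lines whose authentication mode is not `scheme`. The function names and finding labels are hypothetical; the sample transcript is the command sequence of Method 1 from this page.

```python
import re

# Prompt shapes on this page: <device> is user view, [device] is system view,
# [device-ui-vty0-4] / [device-luser-telnet] are sub-views. "#" lines are comments.
PROMPT = re.compile(r"^\s*(?:<[^>]+>|\[([^\]]+)\])\s*(\S.*?)\s*$")

def parse_transcript(text):
    """Return (view, [words]) for every prompted command line."""
    out = []
    for line in text.splitlines():
        m = PROMPT.match(line)
        if m:
            out.append((m.group(1) or "user-view", m.group(2).split()))
    return out

def audit(text):
    """Return sorted (finding, subject) pairs; never echoes the secret itself."""
    findings = set()
    for view, words in parse_transcript(text):
        if "-luser-" in view:                      # local-user view
            user = view.split("-luser-", 1)[1]
            if words[:2] == ["password", "simple"]:
                findings.add(("cleartext-password", user))
            if words[0] == "service-type" and "telnet" in words[1:]:
                findings.add(("telnet-login", user))
        elif "-ui-vty" in view:                    # VTY user-interface view
            lines = view.split("-ui-", 1)[1]
            if words[0] == "authentication-mode" and words[1:] != ["scheme"]:
                findings.add(("vty-not-aaa", lines))
    return sorted(findings)

# Command sequence of Method 1 on this page (most comment lines omitted).
METHOD_1 = """\
# Enter system view.
<device> system-view
[device] user-interface vty 0 4
[device-ui-vty0-4] authentication-mode scheme
[device-ui-vty0-4] quit
[device] local-user telnet
[device-luser-telnet] service-type telnet
[device-luser-telnet] password simple aabbcc
[device-luser-telnet] quit
[device] domain system
[device-isp-system] scheme local
"""

if __name__ == "__main__":
    for finding, subject in audit(METHOD_1):
        print(f"{finding}: {subject}")
```
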

Method 2: Using a local RADIUS server

This method is similar to the remote authentication method described in Remote RADIUS Authentication of Telnet/SSH Users. However, you need to:

• Change the server IP address and the UDP port number of the authentication server to 127.0.0.1 and 1645, respectively, in the configuration step "Configure a RADIUS scheme" in Remote RADIUS Authentication of Telnet/SSH Users.

• Enable the local RADIUS server function, and set the IP address and shared key for the network access server to 127.0.0.1 and aabbcc, respectively.

• Configure local users.

HWTACACS Authentication and Authorization of Telnet Users

Network requirements

You are required to configure the device so that the Telnet users logging into the switching engine are
authenticated and authorized by the TACACS server.

A TACACS server with IP address 10.110.91.164 is connected to the device. This server will be used as
the authentication and authorization server. On the device, set both authentication and authorization
shared keys that are used to exchange messages with the TACACS server to "expert". Configure the
device to strip domain names off user names before sending user names to the TACACS server.

Configure the shared key to “expert” on the TACACS server for exchanging messages with the device.
