Creating a domain, Configuration example, Configuring the pc of the device user – H3C Technologies H3C Intelligent Management Center User Manual

Page 28: Comparing the authentication-authorization methods

Advertising
background image

19

Creating a domain

The scheme used in a domain for login, raising the right, and command-line authorization must be the

TACACS+ scheme that you have just created.

Configuring scheme authentication and enabling command-line authorization and accounting

Configure the scheme authentication on different interfaces for different login methods.
Enable command-line authorization and accounting on different interfaces according to different login

methods.

Configuration example

This example can be used for HP A-Series or H3C devices. Use the following commands for TACACS+

authentication and authorization:

<Device>system-view

[Device]hwtacacs scheme test

[Device-hwtacacs-test]primary authentication 192.168.0.96 49

[Device-hwtacacs-test]primary authorization 192.168.0.96 49

[Device-hwtacacs-test]primary accounting 192.168.0.96 49

[Device-hwtacacs-test]key authentication hello

[Device-hwtacacs-test]key authorization hello

[Device-hwtacacs-test]key accounting hello

[Device-hwtacacs-test]nas-ip 190.12.0.2

[Device-hwtacacs-test]user-name-format without-domain

[Device-hwtacacs-test]quit

[Device]domain tel

[Device-isp-tel]authentication login hwtacacs-scheme test

[Device-isp-tel]authentication super hwtacacs-scheme test

[Device-isp-tel]authorization login hwtacacs-scheme test

[Device-isp-tel]authorization command hwtacacs-scheme test

[Device-isp-tel]accounting login hwtacacs-scheme test

[Device-isp-tel]accounting command hwtacacs-scheme test

[Device-isp-tel]quit

[Device]domain default enable tel

[Device]user-interface vty 0 4

[Device-ui-vty0-4]authentication-mode scheme

[Device-ui-vty0-4]command authorization

[Device-ui-vty0-4]command accounting

Configuring the PC of the device user

A user can log in to the device by using the related client software.

Comparing the authentication-authorization

methods

The configurations for TAM local authentication and authorization and for LDAP authorization and TAM

local authorization have the following similarities and differences:

Advertising
Popular Brands
Popular manuals