H3C Technologies H3C WX3000E Series Wireless Switches User Manual
[AC] user-interface vty 0 4
[AC-ui-vty0-4] authentication-mode scheme
[AC-ui-vty0-4] quit
# Specify the system predefined ISP domain system as the default ISP domain.
[AC] domain default enable system
# Create an HWTACACS scheme named hwtac.
[AC] hwtacacs scheme hwtac
# Specify the IP address of the primary authentication server as 10.1.1.1 and the port for authentication as 49.
[AC-hwtacacs-hwtac] primary authentication 10.1.1.1 49
# Set the shared key for authenticating authentication packets to expert.
[AC-hwtacacs-hwtac] key authentication expert
# Specify that usernames sent to the HWTACACS server carry no domain name.
[AC-hwtacacs-hwtac] user-name-format without-domain
[AC-hwtacacs-hwtac] quit
# Configure the ISP domain to use local authentication for Telnet users.
[AC] domain system
[AC-isp-system] authentication login local
# Configure the ISP domain to use HWTACACS scheme hwtac for privilege level switching authentication.
[AC-isp-system] authentication super hwtacacs-scheme hwtac
[AC-isp-system] quit
# Create a local Telnet user account test.
[AC] local-user test
[AC-luser-test] service-type telnet
[AC-luser-test] password simple aabbcc
# Configure the user level of the Telnet user as 0 after user login.
[AC-luser-test] authorization-attribute level 0
[AC-luser-test] quit
# Configure the AC to use the HWTACACS server for level switching authentication, and to use local authentication as the backup method.
[AC] super authentication-mode scheme local
# Configure the password for privilege level switching authentication as 654321.
[AC] super password simple 654321
[AC] quit
3. Verify the configuration
a. Establish a connection between the Telnet user and AC
# Telnet to the AC from Client, and enter the username test@bbb and password aabbcc. You log in to the AC and can access level 0 commands.
b. Perform user privilege level switching
# Execute the command for switching to user privilege level 3 and enter password pass3 as prompted.
<AC> super 3
Password:
User privilege level is 3, and only those commands can be used
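The following Python script is an added example, not part of the H3C manual: it audits the commands from the configuration above for secrets typed in plaintext, Telnet logins, and a weak local super password behind the `scheme local` backup method. The names `audit` and `weak`, the rule labels, and the password-strength policy are assumptions made for this example.

```python
import re

# Constructed sample: commands copied from the configuration example above.
SAMPLE = """\
[AC] hwtacacs scheme hwtac
[AC-hwtacacs-hwtac] key authentication expert
[AC] local-user test
[AC-luser-test] service-type telnet
[AC-luser-test] password simple aabbcc
# Backup method for level switching is the local super password.
[AC] super authentication-mode scheme local
[AC] super password simple 654321
"""

PROMPT = re.compile(r"^[\[<][^\]>]*[\]>]\s*")  # strips "[AC-luser-test] " or "<AC> "
SECRET = re.compile(r"^((?:super )?password simple|key \w+) (\S+)$")

def weak(secret, min_len=10):
    """Assumed policy (not from the manual): min_len chars, 3 of 4 classes."""
    kinds = (r"[a-z]", r"[A-Z]", r"\d", r"[^a-zA-Z\d]")
    return len(secret) < min_len or sum(bool(re.search(k, secret)) for k in kinds) < 3

def audit(config):
    """Return (line_no, rule, redacted_command); secret values are never echoed."""
    findings, fallback_line, super_weak = [], None, False
    for no, raw in enumerate(config.splitlines(), 1):
        cmd = PROMPT.sub("", raw.strip())
        if not cmd or cmd.startswith("#"):
            continue
        m = SECRET.match(cmd)
        if m:
            redacted = m.group(1) + " ***"
            findings.append((no, "plaintext-secret", redacted))
            if weak(m.group(2)):
                findings.append((no, "weak-secret", redacted))
                super_weak |= cmd.startswith("super password")
        elif cmd == "service-type telnet":
            findings.append((no, "cleartext-login", cmd))
        elif cmd == "super authentication-mode scheme local":
            fallback_line = no
    if fallback_line and super_weak:
        # With "scheme local", the local super password is what guards level
        # switching whenever the HWTACACS server cannot be reached.
        findings.append((fallback_line, "weak-fallback-super", "super authentication-mode scheme local"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```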