Configuration procedure
# Assign an IP address to Device so that Device is reachable from both Host A and the HWTACACS
server. The configuration is omitted.
# Enable the telnet service on Device.
<Device> system-view
[Device] telnet server enable
# Configure Device to use username and password authentication when users log in through VTY 0.
The commands that a user can execute depend on the authentication result.
[Device] user-interface vty 0 4
[Device-ui-vty0-4] authentication-mode scheme
# Enable command authorization to restrict the command level for login users.
[Device-ui-vty0-4] command authorization
[Device-ui-vty0-4] quit
# Create a HWTACACS scheme named tac and configure the IP address and TCP port for the primary
authorization server for the scheme. Ensure that the port number is consistent with that on the
HWTACACS server. Set the shared key for authentication packets to expert for the scheme and the
HWTACACS server type of the scheme to standard. Specify Device to remove the domain name in
the username sent to the HWTACACS server for the scheme.
[Device] hwtacacs scheme tac
[Device-hwtacacs-tac] primary authentication 192.168.2.20 49
[Device-hwtacacs-tac] primary authorization 192.168.2.20 49
[Device-hwtacacs-tac] key authentication expert
[Device-hwtacacs-tac] key authorization expert
[Device-hwtacacs-tac] server-type standard
[Device-hwtacacs-tac] user-name-format without-domain
[Device-hwtacacs-tac] quit
# Configure the default ISP domain system to use HWTACACS scheme tac for login users and use
local authorization as the backup.
[Device] domain system
[Device-isp-system] authentication login hwtacacs-scheme tac local
[Device-isp-system] authorization command hwtacacs-scheme tac local
[Device-isp-system] quit
# Add a local user named monitor, set the user password to 123, and specify that the password be
displayed in cipher text. Authorize user monitor to use the telnet service and set the level of the
user to 1, that is, the monitor level.
[Device] local-user monitor
[Device-luser-monitor] password cipher 123
[Device-luser-monitor] service-type telnet
[Device-luser-monitor] authorization-attribute level 1
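
An added example, not part of the manual: a Python check that the authorization pieces configured above line up (VTY scheme authentication with command authorization, a domain pointing at an HWTACACS scheme that has an authorization server and key, and a local user with a level behind the local backup). The function names and the checks are assumptions drawn from this procedure, not vendor validation rules; the session text is abridged from the commands on this page.

```python
import re

# Authorization-related commands from the procedure on this page, prompts kept.
SESSION = """\
[Device] user-interface vty 0 4
[Device-ui-vty0-4] authentication-mode scheme
[Device-ui-vty0-4] command authorization
[Device-ui-vty0-4] quit
[Device] hwtacacs scheme tac
[Device-hwtacacs-tac] primary authorization 192.168.2.20 49
[Device-hwtacacs-tac] key authorization expert
[Device] domain system
[Device-isp-system] authorization command hwtacacs-scheme tac local
[Device] local-user monitor
[Device-luser-monitor] authorization-attribute level 1
"""

def parse(session, host="Device"):
    """Group commands under the system-view command that opened their view."""
    views, current = {}, None
    for line in session.splitlines():
        m = re.match(r"\[(\S+)\]\s+(.+)", line.strip())
        if not m or m.group(2) == "quit":
            continue
        if m.group(1) == host:  # typed in system view, so it opens a view
            current = m.group(2)
            views.setdefault(current, [])
        elif current is not None:
            views[current].append(m.group(2))
    return views

def audit(session, host="Device"):
    """List dependencies of the procedure that the session leaves unmet."""
    views, out = parse(session, host), []
    has = lambda view, prefix: any(c.startswith(prefix) for c in views.get(view, []))
    for view in [v for v in views if v.startswith("user-interface vty")]:
        if has(view, "command authorization") and not has(view, "authentication-mode scheme"):
            out.append(f"{view}: command authorization without scheme authentication")
    for view, cmd in [(v, c) for v in views if v.startswith("domain ") for c in views[v]]:
        m = re.match(r"authorization command hwtacacs-scheme (\S+)( local)?$", cmd)
        if not m:
            continue
        scheme = f"hwtacacs scheme {m.group(1)}"
        for need in ("primary authorization ", "key authorization "):
            if not has(scheme, need):
                out.append(f"{scheme}: no '{need.strip()}' line")
        users = [v for v in views if v.startswith("local-user ")]
        if m.group(2) and not any(has(u, "authorization-attribute level") for u in users):
            out.append(f"{view}: local backup but no local user with a level")
    return out
```

`audit(SESSION)` returns an empty list for the procedure as written; a misspelled scheme name in the domain view or a missing `key authorization` line shows up as a finding.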