Configuration procedure
1. Configure the switch:
# Assign an IP address to VLAN-interface 2 (the interface connected to the Telnet user).
<Switch> system-view
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0
[Switch-Vlan-interface2] quit
# Assign an IP address to VLAN-interface 3 (the interface connected to the HWTACACS server).
[Switch] interface vlan-interface 3
[Switch-Vlan-interface3] ip address 10.1.1.2 255.255.255.0
[Switch-Vlan-interface3] quit
# Enable Telnet server.
[Switch] telnet server enable
# Enable scheme authentication on the user lines for Telnet users.
[Switch] line vty 0 63
[Switch-line-vty0-63] authentication-mode scheme
[Switch-line-vty0-63] quit
# Enable remote-then-local authentication for temporary user role authorization.
[Switch] super authentication-mode scheme local
# Create HWTACACS scheme hwtac and enter HWTACACS scheme view.
[Switch] hwtacacs scheme hwtac
# Specify the primary authentication server address and the service port in the scheme.
[Switch-hwtacacs-hwtac] primary authentication 10.1.1.1 49
# Set the shared key to expert in the scheme for the switch to authenticate to the server.
[Switch-hwtacacs-hwtac] key authentication simple expert
# Exclude ISP domain names from the usernames sent to the HWTACACS server.
[Switch-hwtacacs-hwtac] user-name-format without-domain
[Switch-hwtacacs-hwtac] quit
# Create ISP domain bbb and enter ISP domain view.
[Switch] domain bbb
# Configure ISP domain bbb to use local authentication for login users.
[Switch-isp-bbb] authentication login local
# Configure ISP domain bbb to use local authorization for login users.
[Switch-isp-bbb] authorization login local
# Apply HWTACACS scheme hwtac to the ISP domain for user role authentication.
[Switch-isp-bbb] authentication super hwtacacs-scheme hwtac
[Switch-isp-bbb] quit
# Create a device management user named test and enter local user view.
[Switch] local-user test class manage
# Set the user service type to Telnet.
[Switch-luser-manage-test] service-type telnet
# Set the user password to aabbcc.
[Switch-luser-manage-test] password simple aabbcc
# Assign level-0 to the user.
[Switch-luser-manage-test] authorization-attribute user-role level-0
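An added example, not part of the original guide: a small Python check that the commands in this step reference each other consistently, that is, the scheme named under `authentication super` exists and has a server and a key, `super authentication-mode` tries the scheme first, and the VTY lines use scheme authentication. The function names and the indented one-command-per-line input layout are assumptions of this example, and the sample input is constructed from the commands above rather than captured from a device.

```python
# Constructed sample: the commands from the procedure above, one per line,
# with view commands indented under the command that opens the view.
SAMPLE = """\
telnet server enable
line vty 0 63
 authentication-mode scheme
super authentication-mode scheme local
hwtacacs scheme hwtac
 primary authentication 10.1.1.1 49
 key authentication simple expert
 user-name-format without-domain
domain bbb
 authentication login local
 authorization login local
 authentication super hwtacacs-scheme hwtac
local-user test class manage
 service-type telnet
 password simple aabbcc
 authorization-attribute user-role level-0
"""


def parse_views(text):
    """Map each unindented command to the indented commands entered in its view."""
    views, current = {}, None
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        if line[0].isspace() and current:
            views[current].append(line.strip())
        else:
            current = line.strip()
            views.setdefault(current, [])
    return views


def audit(text):
    """Return a list of findings; an empty list means the references line up."""
    views, findings = parse_views(text), []
    schemes = {k.split()[2]: v for k, v in views.items() if k.startswith("hwtacacs scheme ")}
    refs = [(view, cmd.split()[-1]) for view, body in views.items() for cmd in body
            if cmd.startswith("authentication super hwtacacs-scheme ")]
    for view, name in refs:  # an undefined scheme fails both checks
        for needed in ("primary authentication ", "key authentication "):
            if not any(c.startswith(needed) for c in schemes.get(name, [])):
                findings.append(f"{view}: scheme {name} lacks '{needed.strip()}'")
    if not any(k.startswith("super authentication-mode scheme") for k in views):
        findings.append("super authentication-mode does not try scheme first")
    for view, body in views.items():
        if view.startswith("line vty") and "authentication-mode scheme" not in body:
            findings.append(f"{view}: authentication-mode scheme not set")
    return findings
```

`audit(SAMPLE)` returns an empty list for the configuration as written; a mistyped scheme name or a missing key line shows up as a finding that names the view it came from.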