# Set the shared keys for secure authentication, authorization, and accounting communication to
expert.
[Switch-hwtacacs-hwtac] key authentication simple expert
[Switch-hwtacacs-hwtac] key authorization simple expert
[Switch-hwtacacs-hwtac] key accounting simple expert
# Remove domain names from the usernames sent to the HWTACACS server.
[Switch-hwtacacs-hwtac] user-name-format without-domain
[Switch-hwtacacs-hwtac] quit
# Configure the AAA methods for the domain.
[Switch] domain bbb
[Switch-isp-bbb] authentication login hwtacacs-scheme hwtac
[Switch-isp-bbb] authorization login hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting login hwtacacs-scheme hwtac
[Switch-isp-bbb] quit
3.
Verify the configuration:
Telnet to the switch, and enter the correct username and password. You pass authentication and
log in to the switch. Use the display connection command on the switch to see information about
the user connection.
Local authentication and authorization for Telnet users
Network requirements
As shown in
users.
Figure 11 Network diagram
Configuration procedure
1.
Configure the switch:
# Assign IP addresses to interfaces. (Details not shown.)
# Configure the IP address of VLAN-interface 2.
<Switch> system-view
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0
[Switch-Vlan-interface2] quit
# Enable the Telnet server on the switch.
[Switch] telnet server enable
# Configure the switch to use AAA for Telnet users.
[Switch] user-interface vty 0 15
[Switch-ui-vty0-15] authentication-mode scheme
[Switch-ui-vty0-15] quit
# Create a local user named hello.
Figure 1
1, configure the switch to perform local authentication and authorization for Telnet
48