Configuration Guide for ACS TACACS with H3C S3600
1. Customer requirements:
Telnet users logging in to the H3C S3600 switch must be authenticated by the ACS server using TACACS.
Device list: 1 H3C S3600 switch, 1 ACS v4.0 server, 1 PC client
2. Topology:
3. Active Configurations:
I. ACS Configure Guide
(1) Link to the ACS web page
(2) Create AAA Clients
Click “Network Configuration”.
Click “Add Entry”.
Enter the “AAA Client Hostname”, add the “AAA Client IP Address”, set the “Key”, and select the protocol “TACACS+ (Cisco IOS)” from the “Authenticate Using” list. Then click “Submit+Restart” to submit the change.
The new AAA client then appears in the AAA client list.
(3) Group Setup
Click “Group Setup”.
Select a group, for example “group1”, from the group list, and click “Edit Settings”.
Select “TACACS+” from the “Jump To” list to jump to the TACACS+ settings on the page.
Select “Shell (exec)” and “Privilege level”, then enter the user privilege level in the “Privilege level” field. The range is 0 to 15 (values 3-15 correspond to H3C user level 3).
Then click “Submit+Restart” to submit the change.
(4) Create Users
Click “User Setup”.
Enter the user name, for example “h3c”, and click “Add/Edit” to open the editing page. Then enter the “Real Name”, “Description” and password information.
Select the group the user belongs to, for example Group 1, and click “Submit”.
II. Device Configure Guide
(1) Configure hwtacacs
[H3C] hwtacacs scheme acs
[H3C-hwtacacs-acs] primary authentication 1.1.1.4
[H3C-hwtacacs-acs] primary authorization 1.1.1.4
[H3C-hwtacacs-acs] primary accounting 1.1.1.4
[H3C-hwtacacs-acs] key authentication h3c
[H3C-hwtacacs-acs] key authorization h3c
[H3C-hwtacacs-acs] key accounting h3c
[H3C-hwtacacs-acs] user-name-format without-domain
(2) Configure domain
[H3C] domain acs
[H3C-isp-acs] scheme hwtacacs-scheme acs
(3) Set default domain
[H3C] domain default enable acs
(4) Configure user-interface
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] authentication-mode scheme
[H3C-ui-vty0-4] accounting commands scheme
4. Some Advice:
(1) ACS AAA Client IP is the NAS IP of the device.
(2) The key set for the AAA client on ACS and the key configured in the hwtacacs scheme on the device must be the same.
(3) The device user-name-format must correspond to the ACS configuration.
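Added example (not part of the original guide and not an H3C or Cisco tool): a Python check that reads the section II commands as saved configuration text and reports which of the steps above are missing or inconsistent, including a key that differs from the one entered for the AAA client on ACS. The function names, the one-space indentation of sub-commands and the keys being stored as typed (plain text) are assumptions.

```python
import re

# Constructed sample: section II commands as saved config text (layout and plain-text keys assumed).
SAMPLE = """\
hwtacacs scheme acs
 primary authentication 1.1.1.4
 primary authorization 1.1.1.4
 primary accounting 1.1.1.4
 key authentication h3c
 key authorization h3c
 key accounting h3c
 user-name-format without-domain
domain acs
 scheme hwtacacs-scheme acs
domain default enable acs
user-interface vty 0 4
 authentication-mode scheme
 accounting commands scheme
"""

def parse_sections(text):
    """Group indented sub-commands under the unindented line above them."""
    sections, current = {}, None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():
            current = sections.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return sections

def audit(text, acs_key):
    """Return findings for the section II steps; an empty list means all passed."""
    sec, findings = parse_sections(text), []
    schemes = {k.split()[2]: v for k, v in sec.items() if k.startswith("hwtacacs scheme ")}
    for name, cmds in schemes.items():
        for role in ("authentication", "authorization", "accounting"):
            if not any(re.fullmatch(rf"primary {role} \S+", c) for c in cmds):
                findings.append(f"scheme {name}: no primary {role} server")
            if f"key {role} {acs_key}" not in cmds:
                findings.append(f"scheme {name}: {role} key missing or differs from ACS key")
    # Domains whose scheme line points at a defined hwtacacs scheme
    tacacs_domains = {k.split()[1] for k, v in sec.items() if re.fullmatch(r"domain \S+", k)
                      and any(c == f"scheme hwtacacs-scheme {n}" for c in v for n in schemes)}
    default = [k.split()[3] for k in sec if k.startswith("domain default enable ")]
    if not default or default[0] not in tacacs_domains:
        findings.append("default domain does not use a defined hwtacacs scheme")
    for k, v in sec.items():
        if k.startswith("user-interface vty") and "authentication-mode scheme" not in v:
            findings.append(f"{k}: authentication-mode is not scheme")
    return findings
```

Call audit(config_text, acs_key) with the key entered for the AAA client on ACS; each returned string names the step that needs attention.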