HP 6125XLG R2306-HP 6125XLG Blade Switch Fundamentals Configuration Guide - Page 65
Configuration procedure
Page 65 highlights
Configure the remote-then-local authentication mode for temporary user role. The switch uses the HWTACACS server to provide authentication for obtaining the level-3 user role. If the AAA configuration is invalid or the HWTACACS server does not respond, the switch performs local authentication.

Figure 18 Network diagram

Configuration procedure

1. Configure the switch:

# Assign an IP address to VLAN-interface 2, the interface connected to the Telnet user.
<Switch> system-view
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0
[Switch-Vlan-interface2] quit

# Assign an IP address to VLAN-interface 3, the interface connected to the HWTACACS server.
[Switch] interface vlan-interface 3
[Switch-Vlan-interface3] ip address 10.1.1.2 255.255.255.0
[Switch-Vlan-interface3] quit

# Enable Telnet server.
[Switch] telnet server enable

# Enable scheme authentication on the user interfaces for Telnet users.
[Switch] user-interface vty 0 15
[Switch-ui-vty0-15] authentication-mode scheme
[Switch-ui-vty0-15] quit

# Enable remote-then-local authentication for temporary user role authorization.
[Switch] super authentication-mode scheme local

# Create the HWTACACS scheme hwtac and enter its view.
[Switch] hwtacacs scheme hwtac

# Specify the primary authentication server address 10.1.1.1 and the service port 49 in the scheme.
[Switch-hwtacacs-hwtac] primary authentication 10.1.1.1 49

# Set the shared key to expert in the scheme for the switch to authenticate to the server.
[Switch-hwtacacs-hwtac] key authentication simple expert

# Exclude the ISP domain name from the username sent to the HWTACACS server.
[Switch-hwtacacs-hwtac] user-name-format without-domain
[Switch-hwtacacs-hwtac] quit

# Create ISP domain bbb and enter its view.
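The remote-then-local rule above, modeled as an added example (not part of the HP guide): it reads the `super authentication-mode` order from a config, decides which method grants the temporary user role for each server outcome, and lists the settings a reviewer would question. The function names, the outcome labels, and treating a server reject as final are assumptions inferred from the page's wording.

```python
import re

# Constructed sample: the CLI lines shown on this page, prompts stripped.
SAMPLE_CONFIG = """\
telnet server enable
user-interface vty 0 15
 authentication-mode scheme
super authentication-mode scheme local
hwtacacs scheme hwtac
 primary authentication 10.1.1.1 49
 key authentication simple expert
 user-name-format without-domain
"""

def super_auth_order(config):
    """Return the methods listed after 'super authentication-mode', in order."""
    m = re.search(r"^\s*super authentication-mode\s+(.+)$", config, re.M)
    return m.group(1).split() if m else []

def decide(order, server_result, local_password_ok):
    """Return (granted, deciding_method) for a temporary user role request.

    server_result (hypothetical labels): 'accept', 'reject',
    'no-response' or 'invalid-config'.
    """
    for method in order:
        if method == "scheme":
            if server_result in ("accept", "reject"):
                # Assumption: an answer from the server is final.
                return server_result == "accept", "scheme"
            continue  # server silent or AAA config invalid: next method
        if method == "local":
            return local_password_ok, "local"
    return False, None

def audit(config):
    """List the settings in this config that deserve a reviewer's attention."""
    findings = []
    if re.search(r"^\s*telnet server enable\s*$", config, re.M):
        findings.append("telnet: logins and super password travel unencrypted")
    for m in re.finditer(r"^\s*key (\w+) simple\s+\S+", config, re.M):
        findings.append(f"hwtacacs {m.group(1)} key entered in plaintext form")
    if super_auth_order(config) == ["scheme", "local"]:
        findings.append("local super password is the only gate "
                        "whenever the HWTACACS server is unreachable")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("-", finding)
```
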