Example for Configuring Command Line Authorization for Telnet Users Through HWTACACS

Latest reply: Dec 17, 2016 16:00:59 1297 1 0 0

Example for Configuring Command Line Authorization for Telnet Users Through HWTACACS


Specification

This example applies to all AR models of all versions.


Networking Requirements

As shown in Figure 1 a user accesses the network through the Router. The user belongs to the domain huawei.com and the user level is 3. The user does not need to use some level-3 commands. To implement refined management and ensure device security, configure the Router to perform command line authorization for the user through HWTACACS and record the commands executed by the user.

The IP address of the HWTACACS server is 10.1.6.6/24, authentication port number is 49, and authorization port number is 49.

Figure 14-4  HWTACACS-based command line authorization
4ccf4d8909d3473da1422b5d5a26abb4


Procedure

  1. Configure the Router.

  2. Verify the configuration.

    # Choose Start > Run on your computer and enter cmd to open the cmd window. Run the telnet command and enter the user name user1@huawei.com and password Huawei@1234 to log in to the device through Telnet.

    # Run the display authorization-scheme ht command. The command output shows that command line authorization is configured for level-3 users.

Configuration Notes

  • The Router and HWTACACS server must use the same authentication port number.

  • The Router and HWTACACS server must use the same shared key.

  • There must be a reachable route between the Router and HWTACACS server.

  • x
  • convention:

SherryL
Created Dec 17, 2016 16:00:59 Helpful(0) Helpful(0)

ding
  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login