H3C devices used hwtacacs for authentication. hwtacacs able to talk to tacacs+ server. The configuration for the H3C devices as below.
###tacacs configuration
hwtacacs scheme hwtac
primary authentication 123.123.123.123 <--- this is the ip address of tacacs+ server
primary authorization 123.123.123.123 <--- most of the time same with authentication
primary accounting 123.123.123.123 <--- depend on configuration, if have dedicated server for accounting, then put the ip address of the accounting server here.
key authentication KEY <--- this key must be same a.k.a match with key at tacacs+ server. this key also case sensitive, every character must be the same as key at server.
key authorization KEY
key accounting KEY
user-name-format without-domain
domain 1
authentication login hwtacacs-scheme hwtac
authorization login hwtacacs-scheme hwtac
accounting login hwtacacs-scheme hwtac
access-limit disable
state active
idle-cut disable
self-service-url disable
domain default enable 1
###end of configuration
i will draw the network diagram and upload it later.
No comments:
Post a Comment