4-2[Device-ui-vty0-4] quit# Create a RADIUS scheme and configure the IP address and UDP port for the primary authenticationserver for the scheme. Ensure that the port number be consistent with that on the RADIUS server. Setthe shared key for authentication packets to expert for the scheme and the RADIUS server type of thescheme to extended. Specify Device to remove the domain name in the username sent to theRADIUS server for the RADIUS scheme.[Device] radius scheme rad[Device-radius-rad] primary authentication 192.168.2.20 1812[Device-radius-rad] key authentication expert[Device-radius-rad] server-type extended[Device-radius-rad] user-name-format without-domain[Device-radius-rad] quit# Configure the default ISP domain system to use RADIUS authentication scheme rad for login usersand use local authentication as the backup.[Device] domain system[Device-isp-system] authentication login radius-scheme rad local[Device-isp-system] authorization login radius-scheme rad local[Device-isp-system] quit# Add a local user named monitor, set the user password to 123, and specify to display the passwordin cipher text. Authorize user monitor to use the telnet service and specify the level of the user as 1,that is, the monitor level.[Device] local-user monitor[Device-luser-admin] password cipher 123[Device-luser-admin] service-type telnet[Device-luser-admin] authorization-attribute level 1Command Authorization Configuration ExampleNetwork diagramAs shown in Figure 4-2, command levels should be configured for different users to secure Device:After a user logs in to Device, the commands the user enter must be authorized by the HWTACACSserver first before being executed. If the HWTACACS server fails to authorize the commands, localauthorization is used.Figure 4-2 Network diagram for configuring command authorization