Operation Manual – AAAH3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration2-35[Sysname] domain system[Sysname-isp-system] scheme localA Telnet user logging into the switch with the name telnet@system belongs to the"system" domain and will be authenticated according to the configuration of the"system" domain.Method 2: using local RADIUS serverThis method is similar to the remote authentication method described in section 2.5.1 .However, you need toz Change the server IP address, and the UDP port number of the authenticationserver to 127.0.0.1, and 1645 respectively in the configuration step "Configure aRADIUS scheme" in section 2.5.1z Enable the local RADIUS server function, set the IP address and shared key forthe network access server to 127.0.0.1 and aabbcc, respectively.z Configure local users.2.5.3 HWTACACS Authentication and Authorization of Telnet UsersI. Network requirementsYou are required to configure the switch so that the Telnet users logging into the switchare authenticated and authorized by the TACACS server.A TACACS server with IP address 10.110.91.164 is connected to the switch. Thisserver will be used as the authentication and authorization server. On the switch, setboth authentication and authorization shared keys that are used to exchangemessages with the TACACS server to "aabbcc." Configure the switch to strip domainnames off user names before sending user names to the TACACS server.Configure the shared key to “aabbcc” on the TACACS server for exchanging messageswith the switch.II. Network diagramFigure 2-3 Remote HWTACACS authentication and authorization of Telnet users