4-2[Device-ui-vty0-4] quit# Create a RADIUS scheme and configure the IP address and UDP port for the primary authenticationserver for the scheme. Ensure that the port number be consistent with that on the RADIUS server. Setthe shared key for authentication packets to expert for the scheme and the RADIUS server type of thescheme to extended. Specify Device to remove the domain name in the username sent to the RADIUSserver for the RADIUS scheme.[Device] radius scheme rad[Device-radius-rad] primary authentication 192.168.2.20 1812[Device-radius-rad] key authentication expert[Device-radius-rad] server-type extended[Device-radius-rad] user-name-format without-domain[Device-radius-rad] quit# Configure the default ISP domain system to use RADIUS authentication scheme rad for login usersand use local authentication as the backup.[Device] domain system[Device-isp-system] authentication login radius-scheme rad local[Device-isp-system] authorization login radius-scheme rad local[Device-isp-system] quit# Add a local user named monitor, set the user password to 123, and specify to display the password incipher text. Authorize user monitor to use the telnet service and specify the level of the user as 1, thatis, the monitor level.[Device] local-user monitor[Device-luser-admin] password cipher 123[Device-luser-admin] service-type telnet[Device-luser-admin] authorization-attribute level 1Command Authorization Configuration ExampleNetwork diagramAs shown in Figure 4-2, command levels should be configured for different users to secure Device: Aftera user logs in to Device, the commands the user enter must be authorized by the HWTACACS serverfirst before being executed. If the HWTACACS server fails to authorize the commands, localauthorization is used.Figure 4-2 Network diagram for configuring command authorization