Operation Manual – AAAH3C S5600 Series Ethernet Switches Chapter 2 AAA Configuration2-36 system-view# Adopt AAA authentication for Telnet users.[Sysname] user-interface vty 0 4[Sysname-ui-vty0-4] authentication-mode scheme[Sysname-ui-vty0-4] quit# Create and configure a local user named telnet.[Sysname] local-user telnet[Sysname-luser-telnet] service-type telnet[Sysname-luser-telnet] password simple aabbcc[Sysname-luser-telnet] quit# Configure an authentication scheme for the default “system” domain.[Sysname] domain system[Sysname-isp-system] scheme localA Telnet user logging into the switch with the name telnet@system belongs to the"system" domain and will be authenticated according to the configuration of the"system" domain.Method 2: using local RADIUS serverThis method is similar to the remote authentication method described in RemoteRADIUS Authentication of Telnet/SSH Users. However, you need to:z Change the server IP address, and the UDP port number of the authenticationserver to 127.0.0.1, and 1645 respectively in the configuration step "Configure aRADIUS scheme" in Remote RADIUS Authentication of Telnet/SSH Users.z Enable the local RADIUS server function, set the IP address and shared key forthe network access server to 127.0.0.1 and aabbcc, respectively.z Configure local users.2.5.3 HWTACACS Authentication and Authorization of Telnet UsersI. Network requirementsYou are required to configure the switch so that the Telnet users logging into the switchare authenticated and authorized by the TACACS server.A TACACS server with IP address 10.110.91.164 is connected to the switch. Thisserver will be used as the authentication and authorization server. On the switch, setboth authentication and authorization shared keys that are used to exchangemessages with the TACACS server to aabbcc. Configure the switch to strip domainnames off usernames before sending usernames to the TACACS server.Configure the shared key to aabbcc on the TACACS server for exchanging messageswith the switch.