46[Switch] user-interface vty 0 15[Switch-ui-vty0-15] authentication-mode scheme[Switch-ui-vty0-15] quit# Enable the default-user-role authorization function, so that an SSH user gets the default user rolenetwork-operator after passing authentication.[Switch] role default-role enableVerifying the configurationWhen the user initiates an SSH connection to the switch and enter the correct username and password,the user successfully logs in and can use the commands for the network-operator user role.Local authentication, HWTACACS authorization, and RADIUSaccounting for SSH usersNetwork requirementsAs shown in Figure 12, configure the switch to perform local authentication for SSH servers, use theHWTACACS server and RADIUS server for SSH user authorization and accounting respectively, and toassign the default user role network-operator to SSH users after they pass authentication.Configure an account with the username hello for the SSH user. Configure the shared keys for securecommunication with the HWTACACS server and RADIUS server to expert. Configure the switch toremove domain names from usernames sent to the servers.Figure 12 Network diagramConfiguration procedure1. Configure the HWTACACS server. (Details not shown.)2. Configure the RADIUS server. (Details not shown.)3. Configure the switch:# Assign IP addresses to interfaces. (Details not shown.)# Create local RSA and DSA key pairs. system-view[Switch] public-key local create rsa[Switch] public-key local create dsa# Enable the SSH service.[Switch] ssh server enable