Operation Manual – AAA & RADIUS & HWTACACS & EAD
H3C S7500 Series Ethernet Switches
Chapter 1 AAA & RADIUS & HWTACACS Configuration

1.7.3 TACACS Authentication, Authorization, and Accounting of Telnet Users

I. Network requirements

The switch needs to be configured so that the Telnet users logging in to the TACACS server are authenticated, authorized, and accounted.

A TACACS server with IP address 10.110.91.164 is connected to the switch. This server will be used as the AAA server. On the switch, set the shared key that is used to exchange packets with the AAA TACACS server as expert. Configure the switch to strip off the domain name in the user name to be sent to the TACACS server.

Configure the shared key as expert on the TACACS server for exchanging packets with the switch.

II. Network diagram

[Diagram: Telnet user, Internet, authentication server 10.110.91.164]

Figure 1-9 Remote TACACS authentication and authorization of Telnet user

III. Configuration procedure

# Add a Telnet user.

Omitted here

# Configure a HWTACACS scheme.

system-view
[H3C] hwtacacs scheme hwtac
[H3C-hwtacacs-hwtac] primary accounting 10.110.91.164 49
[H3C-hwtacacs-hwtac] primary authentication 10.110.91.164 49
[H3C-hwtacacs-hwtac] primary authorization 10.110.91.164 49
[H3C-hwtacacs-hwtac] key accounting expert
[H3C-hwtacacs-hwtac] key authentication expert
[H3C-hwtacacs-hwtac] key authorization expert
[H3C-hwtacacs-hwtac] user-name-format without-domain
[H3C-hwtacacs-hwtac] quit

# Configure the HWTACACS scheme hwtac to be referenced by the domain.

[H3C] domain hwtacacs
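
An added example, not part of the H3C manual: a Python check that reads the HWTACACS scheme commands shown above and reports any service whose server has no shared key, or whose key differs from another service on the same server, since the TACACS server holds one key (expert) for this switch. The SAMPLE text is constructed, and the function names are assumptions of this example.

```python
import re

SERVICES = ("authentication", "authorization", "accounting")

# Constructed input: this section's scheme, accounting key missing, authorization key mistyped.
SAMPLE = """\
[H3C] hwtacacs scheme hwtac
[H3C-hwtacacs-hwtac] primary accounting 10.110.91.164 49
[H3C-hwtacacs-hwtac] primary authentication 10.110.91.164 49
[H3C-hwtacacs-hwtac] primary authorization 10.110.91.164 49
[H3C-hwtacacs-hwtac] key authentication expert
[H3C-hwtacacs-hwtac] key authorization expret
[H3C-hwtacacs-hwtac] user-name-format without-domain
"""

def parse_schemes(text):
    """Collect each scheme's servers, keys and user-name format from CLI lines."""
    schemes, cur = {}, None
    for raw in text.splitlines():
        w = re.sub(r"^\[[^\]]*\]\s*", "", raw.strip()).split()  # drop the prompt
        if w[:2] == ["hwtacacs", "scheme"] and len(w) == 3:
            cur = schemes.setdefault(w[2], {"servers": {}, "keys": {}, "format": None})
        elif cur is None or not w:
            continue
        elif w[0] == "primary" and len(w) >= 3 and w[1] in SERVICES:
            cur["servers"][w[1]] = w[2]  # the port argument is not needed here
        elif w[0] == "key" and len(w) == 3 and w[1] in SERVICES:
            cur["keys"][w[1]] = w[2]
        elif w[0] == "user-name-format" and len(w) == 2:
            cur["format"] = w[1]
    return schemes

def audit(schemes):
    """Return (scheme, service, problem) tuples for shared-key inconsistencies."""
    out = []
    for name, s in schemes.items():
        first_key = {}  # first key seen for each server address
        for svc in SERVICES:
            server, key = s["servers"].get(svc), s["keys"].get(svc)
            if server is None:
                continue
            if key is None:
                out.append((name, svc, "server has no shared key"))
            elif first_key.setdefault(server, key) != key:
                out.append((name, svc, "key differs from another service on " + server))
    return out

if __name__ == "__main__":
    for finding in audit(parse_schemes(SAMPLE)):
        print(*finding, sep=": ")
```
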