Configure the VTY lines to allow Telnet login
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound telnet
Configure the TACACS server
hwtacacs-server template hwtacacs-server1
hwtacacs-server authentication 192.168.250.6
hwtacacs-server authorization 192.168.250.6
hwtacacs-server accounting 192.168.250.6
hwtacacs-server shared-key cipher Abc@123.com
quit
Authentication
aaa
authentication-scheme authentication-hwtacacs
authentication-mode hwtacacs local
authentication-super hwtacacs super
quit
Authorization
aaa
authorization-scheme authorization-hwtacacs
authorization-mode hwtacacs local
quit
Accounting
aaa
accounting-scheme accounting-hwtacacs
accounting-mode hwtacacs
accounting realtime 3
accounting start-fail online
quit
Configure the authentication domain
aaa
domain linux-hwtacacs
authentication-scheme authentication-hwtacacs
accounting-scheme accounting-hwtacacs
authorization-scheme authorization-hwtacacs
hwtacacs-server hwtacacs-server1
quit
quit
Enable the authentication domain
domain linux-hwtacacs admin
Add a local user as well, in case the TACACS server goes offline
aaa
local-user admin password irreversible-cipher Abc@123.com
local-user admin privilege level 15
local-user admin service-type telnet terminal http
View the domain information
display domain name linux-hwtacacs
Debugging
return
terminal monitor
terminal debugging
debugging hwtacacs all
H3C V5 configuration
hwtacacs scheme hwtacacs-server1
primary authentication 192.168.250.6
primary authorization 192.168.250.6
primary accounting 192.168.250.6
key authentication simple Abc@123.com
key authorization simple Abc@123.com
key accounting simple Abc@123.com
user-name-format without-domain
domain hwtacacs-aaa
authentication login hwtacacs-scheme hwtacacs-server1 local
authorization login hwtacacs-scheme hwtacacs-server1 local
accounting login hwtacacs-scheme hwtacacs-server1 local
domain default enable hwtacacs-aaa
super password simple Abc@123.com
user-interface vty 0 15
authentication-mode scheme
user-interface aux 0
authentication-mode password
user privilege level 15
set authentication password simple Abc@123.com
user-interface con 0
authentication-mode password
user privilege level 15
set authentication password cipher Abc@123.com
ZTE ZXR10_3228A configuration (incomplete: the enable password is not right)
enable secret level 15 5 Abc@123.com
username admin password Abc@123.com
tacacs enable
tacacs-server key Abc@123.com
tacacs-server host 192.168.250.6
aaa group-server tacacs+ hwtacacs-server1
server 192.168.250.6
exit
user-authentication-type tacacs+
aaa authentication enable default group hwtacacs-server1
aaa authentication login default group hwtacacs-server1
user-authorization-type tacacs+
aaa authorization exec default group hwtacacs-server1
aaa authorization commands 15 default group hwtacacs-server1
aaa accounting commands 15 default stop-only group hwtacacs-server1
Debugging
terminal monitor
!debug all
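
An added example, not part of the original notes: a small Python review check for configurations pasted in the style above. It flags Telnet access, secrets entered with `simple`, a shared line password combined with level 15, accounting that lets the session continue when accounting start fails, and one secret value reused for several purposes. The sample input, the placeholder secrets and the rule names are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the notes above; secrets are placeholders.
SAMPLE = """\
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound telnet
hwtacacs-server shared-key cipher EXAMPLE-SECRET
key authentication simple EXAMPLE-SECRET
user-interface con 0
 authentication-mode password
 user privilege level 15
 set authentication password simple OTHER-SECRET
"""

# Rule names are this example's own labels, not vendor terminology.
LINE_RULES = [
    ("telnet", re.compile(
        r"^protocol inbound (telnet|all)\b|^local-user \S+ service-type .*\btelnet\b")),
    ("plaintext-secret", re.compile(r"\b(key|password)\b.*\bsimple \S+$")),
    ("accounting-fail-open", re.compile(r"^accounting start-fail online\b")),
]
# Captures the last token of a line that sets a key, password or secret.
SECRET = re.compile(r"\b(?:shared-key|key|password|secret)\s+(?:\S+\s+)*(\S+)$")

def audit(config):
    """Return sorted (line_number, rule) findings for a pasted configuration."""
    findings, seen, section = set(), defaultdict(list), {}
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line.startswith("user-interface "):
            section = {"start": no}          # a new line-configuration block begins
        elif line in ("authentication-mode password", "user privilege level 15"):
            section[line] = no
            if len(section) == 3:            # shared password and level 15 together
                findings.add((section["start"], "shared-password-level-15"))
        for rule, pattern in LINE_RULES:
            if pattern.search(line):
                findings.add((no, rule))
        m = SECRET.search(line)
        if m:
            seen[m.group(1)].append(no)
    for value, lines in seen.items():
        if len(lines) > 1:                   # one secret protects several things
            findings.update((n, "secret-reuse") for n in lines)
    return sorted(findings)
```

Saved device configurations show `cipher` values in encrypted form, so the reuse check is meaningful on templates and runbooks as typed rather than on configuration read back from a device.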