[Original] HWTACACS Authentication Configuration on Huawei Switches

Configure the VTY lines and allow Telnet login

user-interface vty 0 4
 authentication-mode aaa
 user privilege level 15
 protocol inbound telnet

Configure the TACACS server

hwtacacs-server template hwtacacs-server1
 hwtacacs-server authentication 192.168.250.6
 hwtacacs-server authorization 192.168.250.6
 hwtacacs-server accounting 192.168.250.6
 hwtacacs-server shared-key cipher Abc@123.com
 quit

Authentication

aaa
 authentication-scheme authentication-hwtacacs
  authentication-mode hwtacacs local
  authentication-super hwtacacs super
  quit

Authorization

aaa
 authorization-scheme authorization-hwtacacs
  authorization-mode hwtacacs local
  quit

Accounting

aaa
 accounting-scheme accounting-hwtacacs
  accounting-mode hwtacacs
  accounting realtime 3
  accounting start-fail online
  quit

Configure the authentication domain

aaa
 domain linux-hwtacacs
  authentication-scheme authentication-hwtacacs
  accounting-scheme accounting-hwtacacs
  authorization-scheme authorization-hwtacacs
  hwtacacs-server hwtacacs-server1
  quit
 quit

Enable the authentication domain

domain linux-hwtacacs admin

Add a local user as well, in case the TACACS server goes offline

aaa
 local-user admin password irreversible-cipher Abc@123.com
 local-user admin privilege level 15
 local-user admin service-type telnet terminal http

View the domain information

display domain name linux-hwtacacs

Debugging

return
terminal monitor
terminal debugging
debugging hwtacacs all

H3C V5 configuration

hwtacacs scheme hwtacacs-server1
 primary authentication 192.168.250.6
 primary authorization 192.168.250.6
 primary accounting 192.168.250.6
 key authentication simple Abc@123.com
 key authorization simple Abc@123.com
 key accounting simple Abc@123.com
 user-name-format without-domain

domain hwtacacs-aaa
 authentication login hwtacacs-scheme hwtacacs-server1 local
 authorization login hwtacacs-scheme hwtacacs-server1 local
 accounting login hwtacacs-scheme hwtacacs-server1 local

domain default enable hwtacacs-aaa

super password simple Abc@123.com

user-interface vty 0 15
 authentication-mode scheme 

user-interface aux 0
 authentication-mode password
 user privilege level 15
 set authentication password simple Abc@123.com

user-interface con 0
 authentication-mode password
 user privilege level 15
 set authentication password cipher Abc@123.com

ZTE ZXR10_3228A configuration (incomplete: the enable password is wrong)

enable secret level 15 5 Abc@123.com
username admin password Abc@123.com

tacacs enable
tacacs-server key Abc@123.com
tacacs-server host 192.168.250.6

aaa group-server tacacs+ hwtacacs-server1
server 192.168.250.6
exit

user-authentication-type tacacs+
aaa authentication enable default group hwtacacs-server1
aaa authentication login default group hwtacacs-server1

user-authorization-type tacacs+
aaa authorization exec default group hwtacacs-server1
aaa authorization commands 15 default group hwtacacs-server1

aaa accounting commands 15 default stop-only group hwtacacs-server1

Debugging

terminal monitor
!debug all
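
Added example (not part of the original post): a small Python check that reads a saved configuration and flags the settings in the Huawei and H3C sections above that weaken the AAA setup: Telnet on the VTY lines, secrets stored with simple, the fallback local user on telnet/http, password-only lines, and one secret value reused in several places. The function name audit and the wording of the findings are assumptions made for this example; the sample text is constructed from lines on this page.

```python
import re

# Line-level rules, built only from commands that appear on this page.
RULES = [
    (r"^protocol inbound telnet\b",
     "VTY accepts Telnet: logins and the session travel in cleartext"),
    (r"\b(password|key \w+) simple \S+",
     "'simple' stores the secret in cleartext in the saved configuration"),
    (r"^local-user \S+ service-type\b.*\b(telnet|http)\b",
     "fallback local user is reachable over a cleartext service"),
    (r"^authentication-mode password\b",
     "shared line password: logins cannot be attributed to a user"),
]
# Secret value that follows a storage keyword at the end of a line.
SECRET = re.compile(r"\b(?:cipher|irreversible-cipher|simple) (\S+)$")

def audit(config):
    """Return a sorted list of (line_number, finding) for a config text."""
    findings, seen = [], {}
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        for pattern, message in RULES:
            if re.search(pattern, line):
                findings.append((no, message))
        for value in SECRET.findall(line):
            seen.setdefault(value, []).append(no)
    for lines in seen.values():
        if len(lines) > 1:  # one value protecting several things
            where = ", ".join(map(str, lines))
            findings.append((lines[0], "same secret reused on lines " + where))
    return sorted(findings)

# Constructed sample: lines copied from the Huawei and H3C sections above.
SAMPLE = """\
user-interface vty 0 4
 protocol inbound telnet
hwtacacs-server template hwtacacs-server1
 hwtacacs-server shared-key cipher Abc@123.com
aaa
 local-user admin password irreversible-cipher Abc@123.com
 local-user admin service-type telnet terminal http
super password simple Abc@123.com
user-interface aux 0
 authentication-mode password
 set authentication password simple Abc@123.com
"""

if __name__ == "__main__":
    print("\n".join("line %d: %s" % f for f in audit(SAMPLE)))
```

The reuse finding reports line numbers only, so the secret itself never ends up in the audit output.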