Aaa configuration examples, Network requirements, Configuration procedure – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

58

Task Command

Remarks

Display information about user
connections.

display connection [ access-type { dot1x |
mac-authentication | portal } | domain
isp-name | interface interface-type

interface-number | ip ip-address | mac

mac-address | ucibindex ucib-index |
user-name user-name | vlan vlan-id ] [ | { begin

| exclude | include } regular-expression ]

Available in any view

AAA configuration examples

HWTACACS authentication and authorization for Telnet users

Network requirements

As shown in

Figure 10

, there is an HWTACACS server at 10.1.1.1/24, which uses the shared key expert

to authenticate AAA packets. Configure the AC to use the HWTACACS server for user authentication
and authorization, send usernames that carry no domain name to the server, and use the shared key

expert to authenticate packets exchanged with the server.

Figure 10 Network diagram

Configuration procedure

1.

Configure the AC

# Assign IP addresses to the interfaces. (Details not shown.)
# Enable the Telnet server on the AC.

<AC> system-view

[AC] telnet server enable

# Configure the AC to use AAA for Telnet users.

[AC] user-interface vty 0 4

[AC-ui-vty0-4] authentication-mode scheme

[AC-ui-vty0-4] quit

# Specify the system predefined ISP domain system as the default ISP domain.

[AC] domain default enable system

# Create HWTACACS scheme hwtac.

[AC] hwtacacs scheme hwtac

Telnet user

Authentication server

10.1.1.1/24

AC

IP network

AP