super Set the current user priority level
telnet Establish one TELNET connection
tracert Trace route function
When switching to user privilege level 3, the Telnet user only needs to enter password enabpass
as prompted.
<Switch> super 3
Password:
User privilege level is 3, and only those commands can be used
whose level is equal or less than this.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
If the HWTACACS server is not available, the Telnet user needs to enter password 654321 as
prompted for local authentication.
<Switch> super 3
Password: ← Enter the password for HWTACACS privilege level switch authentication
Error: Invalid configuration or no response from the authentication server.
Info: Change authentication mode to local.
Password: ← Enter the password for local privilege level switch authentication
User privilege level is 3, and only those commands can be used
whose level is equal or less than this.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
RADIUS authentication and authorization for Telnet users by a switch
Network requirements
As shown in Figure 18, configure Switch B to act as a RADIUS server to provide authentication and
authorization for the Telnet user on port 1645.
Configure Switch A to use the RADIUS server for Telnet user authentication and authorization, and to
remove the domain name in a username sent to the server.
Set the shared keys for secure communication between the NAS and the RADIUS server to abc.
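How the shared key set above is used on the wire, as an added example that is not part of the original guide: RADIUS hides the Telnet user's password with an MD5 keystream derived from the shared key (RFC 2865 User-Password), and the server authenticates its reply with the same key. The password, the Request Authenticator and the wrong key "abd" are constructed sample values.

```python
import hashlib
import os

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to 16-byte blocks, XOR with an MD5 keystream."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()   # keystream block
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev                                  # chained into next block
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: reverse the XOR chain with the same shared key."""
    if len(hidden) == 0 or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a multiple of 16 bytes")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, pad))
        prev = block
    return out.rstrip(b"\x00")

def response_authenticator(code: int, ident: int, attrs: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 3: MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    length = 20 + len(attrs)                         # 20-byte RADIUS header
    header = bytes([code, ident]) + length.to_bytes(2, "big")
    return hashlib.md5(header + request_auth + attrs + secret).digest()

if __name__ == "__main__":
    secret = b"abc"                    # shared key from this configuration example
    req_auth = os.urandom(16)          # constructed Request Authenticator
    hidden = hide_password(b"constructed-telnet-pw", secret, req_auth)
    print("User-Password attribute value:", hidden.hex())
    print("recovered by server:", unhide_password(hidden, secret, req_auth))
    # A different key yields garbage rather than an error.
    print("with wrong key:", unhide_password(hidden, b"abd", req_auth))
```

The shared key is the only secret input to both functions, so its length and randomness determine how well the Telnet password and the server's replies are protected between the NAS and the RADIUS server.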
Figure 18 Network diagram
Configuration procedure
1. Assign an IP address to each interface as shown in Figure 18. (Details not shown.)
2. Configure the NAS:
# Enable the Telnet server on Switch A.
<SwitchA> system-view
[SwitchA] telnet server enable
# Configure Switch A to use AAA for Telnet users.
[SwitchA] user-interface vty 0 4
[Figure 18 labels: Telnet user (192.168.1.2); Switch A (NAS); Switch B (RADIUS server); Vlan-int2 10.1.1.1/24; Vlan-int2 10.1.1.2/24; Vlan-int3 192.168.1.1/24]