Configuration example

Network requirements

As shown in Figure 18, users log in to the device to manage it.

Configure the device to send commands executed by users to the HWTACACS server to monitor and control user operations on the device.

Figure 18: Network diagram

Configuration procedure

# Enable the Telnet server.

<Device> system-view
[Device] telnet server enable

# Enable command accounting for user line AUX 0.

[Device] line aux 0
[Device-line-aux0] command accounting
[Device-line-aux0] quit

# Enable command accounting for user lines VTY 0 through VTY 63.

[Device] line vty 0 63
[Device-line-vty0-63] command accounting
[Device-line-vty0-63] quit

# Create HWTACACS scheme tac.

[Device] hwtacacs scheme tac

# Configure the scheme to use the HWTACACS server at 192.168.2.20:49 for accounting.

[Device-hwtacacs-tac] primary accounting 192.168.2.20 49

# Set the shared key to expert.

[Device-hwtacacs-tac] key accounting simple expert

# Remove domain names from usernames sent to the HWTACACS server.

[Device-hwtacacs-tac] user-name-format without-domain
[Device-hwtacacs-tac] quit

# Configure the system-defined domain (system) to use the HWTACACS scheme for command accounting.

[Device] domain system
[Device-isp-system] accounting command hwtacacs-scheme tac
[Device-isp-system] quit
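
The following check is an added example, not part of the original procedure or vendor tooling. It assumes the commands above are available as text with one view per block and sub-commands indented (the function names and the sample text are constructed), and it verifies that the accounting chain is complete: every user line has command accounting enabled, a domain references an HWTACACS scheme, and that scheme defines an accounting server and key.

```python
# Constructed sample: the commands from this example, one view per block with
# sub-commands indented (an assumed text layout, not captured device output).
SAMPLE_CONFIG = """\
telnet server enable
line aux 0
 command accounting
line vty 0 63
 command accounting
hwtacacs scheme tac
 primary accounting 192.168.2.20 49
 key accounting simple expert
 user-name-format without-domain
domain system
 accounting command hwtacacs-scheme tac
"""

def parse_views(text):
    """Map each view header (unindented line) to its indented sub-commands."""
    views, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "#":
            continue
        if not raw[0].isspace():
            current = raw.strip()
            views.setdefault(current, [])
        elif current is not None:
            views[current].append(raw.strip())
    return views

def audit_command_accounting(text):
    """Return findings; an empty list means the accounting chain is complete."""
    views, findings = parse_views(text), []
    for view in (v for v in views if v.startswith("line ")):
        if "command accounting" not in views[view]:
            findings.append(f"{view}: command accounting not enabled")
    # Scheme names referenced for command accounting inside any domain view.
    refs = {c.split()[-1] for v, cmds in views.items() if v.startswith("domain ")
            for c in cmds if c.startswith("accounting command hwtacacs-scheme ")}
    if not refs:
        findings.append("no domain sends command accounting to an HWTACACS scheme")
    for name in sorted(refs):
        cmds = views.get(f"hwtacacs scheme {name}")
        if cmds is None:
            findings.append(f"scheme {name}: referenced by a domain but not defined")
            continue
        for need in ("primary accounting", "key accounting"):
            if not any(c.startswith(need + " ") for c in cmds):
                findings.append(f"scheme {name}: missing '{need}'")
    return findings
```

A user line that is absent from the text is not reported, so compare the listed lines against the lines the device actually exposes.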