H3C MSR9XX Configuration: prepare an H3C device for TACACS and test

Add H3C MSR9XX to TacacsGUI. H3C MSR920 Configuration


H3C Device Configuration

Prepare a device.

system-view
interface Vlan-interface1
 ip address <interface ip address> <network mask>
 undo shutdown
 quit
ip route-static 0.0.0.0 0.0.0.0 <default gateway>   # only needed if TacacsGUI is in another network
ssh server enable
quit

Test communication to tacacs server.

ping 10.6.20.10
  PING 10.6.20.10: 56  data bytes, press CTRL_C to break
    Reply from 10.6.20.10: bytes=56 Sequence=0 ttl=62 time=6 ms
    Reply from 10.6.20.10: bytes=56 Sequence=1 ttl=62 time=5 ms
    Reply from 10.6.20.10: bytes=56 Sequence=2 ttl=62 time=4 ms
    Reply from 10.6.20.10: bytes=56 Sequence=3 ttl=62 time=4 ms
    Reply from 10.6.20.10: bytes=56 Sequence=4 ttl=62 time=5 ms

  --- 10.6.20.10 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 4/4/6 ms

Tacacs Server Configuration

system-view
hwtacacs scheme tacgui
 primary authentication <tacgui ip address>
 primary authorization <tacgui ip address>
 primary accounting <tacgui ip address>
 nas-ip <source interface ip address>
 key authentication simple <pre-shared key>
 key authorization simple <pre-shared key>
 key accounting simple <pre-shared key>
 user-name-format without-domain
 quit
domain aaa
 authentication login hwtacacs-scheme tacgui local
 authorization login hwtacacs-scheme tacgui local
 accounting login hwtacacs-scheme tacgui local
 authorization command hwtacacs-scheme tacgui local
 accounting command hwtacacs-scheme tacgui
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
 quit

user-interface vty 0 4
 authentication-mode scheme
 command authorization
 command accounting
 protocol inbound ssh
 quit
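
The Python check below is an added example, not part of the original page or of TacacsGUI: it reads a saved configuration and reports which of the AAA settings shown above are missing. The function names and the key value are assumptions, and the sample configuration is constructed.

```python
import re
# Constructed sample mirroring the configuration above; the key is a placeholder.
SAMPLE = """\
hwtacacs scheme tacgui
 primary authentication 10.6.20.10
 primary authorization 10.6.20.10
 primary accounting 10.6.20.10
 key authentication simple EXAMPLE-KEY
 key authorization simple EXAMPLE-KEY
 key accounting simple EXAMPLE-KEY
domain aaa
 authentication login hwtacacs-scheme tacgui local
user-interface vty 0 4
 authentication-mode scheme
 command authorization
 command accounting
 protocol inbound ssh
"""

def parse_sections(text):
    """Map each top-level line to the indented lines beneath it."""
    sections, current = {}, []
    for line in text.splitlines():
        if line[:1].isspace() and line.strip() not in ("", "quit"):
            current.append(line.strip())
        elif line.strip() not in ("", "quit", "#"):
            current = sections.setdefault(line.strip(), [])
    return sections

def audit(text):
    """Return findings; an empty list means every setting checked here is present."""
    sec, findings = parse_sections(text), []
    schemes = {h.split()[-1]: b for h, b in sec.items() if h.startswith("hwtacacs scheme ")}
    for name, body in schemes.items():
        for role in ("authentication", "authorization", "accounting"):
            for kw in ("primary", "key"):
                if not any(l.startswith(f"{kw} {role} ") for l in body):
                    findings.append(f"scheme {name}: no '{kw} {role}'")
    for head, body in sec.items():
        if head.startswith("domain "):
            for ref in re.findall(r"hwtacacs-scheme (\S+)", " ".join(body)):
                if ref not in schemes:
                    findings.append(f"{head}: unknown scheme '{ref}'")
        if head.startswith("user-interface vty"):
            for need in ("authentication-mode scheme", "command authorization",
                         "command accounting", "protocol inbound ssh"):
                if need not in body:
                    findings.append(f"{head}: missing '{need}'")
    return findings
```

Call `audit()` on the text of a saved configuration; each finding names the section and the line that is absent.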

Auth with Tacacs user

In the example below, the user can execute any command except show crypto isakmp sa and show crypto ipsec sa.

login as: h3c_slave
h3c_slave@10.6.0.120's password:

******************************************************************************
* Copyright (c) 2004-2017 Hangzhou H3C Tech. Co., Ltd. All rights reserved.  *
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************

<H3C>display ver ;!command not restricted
H3C Comware Platform Software
Comware Software, Version 5.20, Release 2516P13
Copyright (c) 2004-2017 Hangzhou H3C Tech. Co., Ltd. All rights reserved.
H3C MSR920 uptime is 3 weeks, 2 days, 6 hours, 0 minute
...

<H3C>display ip routing-table ;!command restricted by the Command Set
 System is busy or this command can't be executed because of no such privilege!

<H3C>display boot
 The boot file used at this reboot:flash:/main.bin attribute: main
 The boot file used at the next reboot:flash:/main.bin attribute: main
 The boot file used at the next reboot:flash:/msr9xx-r2312p20.bin attribute: backup
 Failed to get the secure boot file used at the next reboot!
Author: Alexey Mochalin; Created at: 2018-12-14 13:00:42; Updated at: 2018-12-14 17:11:16