aaa服务器地址配置

❶ H3C S3600交换机AAA认证配置

1.对于交换机，最好console不要配置认证，万一出现问题（如人为设置错误等），你console无法进去，最好配置个本地用户。
2.配置tacacs就可以了。没必要配置radius(radius还不能对命令进行鉴权)，tacacs，完全可以对用户、等级（exec）、命令（command）进行授权。
给个配置给你参考（华为），我这配置，对于console口是没有去aaa服务器的。

domain mydepart
scheme hwtacacs-scheme mydepart local
vlan-assignment-mode integer
access-limit disable
state active
idle-cut disable
self-service-url disable

hwtacacs scheme mydepart
primary authentication 192.168.1.2
secondary authentication 192.168.1.3
primary authorization 192.168.1.2
secondary authorization 192.168.1.3
primary accounting 192.168.1.2
secondary accounting 192.168.1.3
key authentication mykey
key authorization mykey
key accounting mykey
user-name-format without-domain

local-user myuser

#
super password level 3 cipher sdfsdfgsdfs
#
hwtacacs nas-ip 192.168.1.1

user-interface vty 0 4
acl 2000 inbound
authentication-mode scheme command-authorization
user privilege level 3
idle-timeout 5 0
protocol inbound telnet

user-interface con 0
authentication-mode password
set authentication password cipher sdfsdfsdfwer
idle-timeout 5 0