Configure the VTY lines to allow telnet login
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound telnet
Configure the TACACS server
hwtacacs-server template hwtacacs-server1
hwtacacs-server authentication 192.168.250.6
hwtacacs-server authorization 192.168.250.6
hwtacacs-server accounting 192.168.250.6
hwtacacs-server shared-key cipher Abc@123.com
quit
Authentication
aaa
authentication-scheme authentication-hwtacacs
authentication-mode hwtacacs local
authentication-super hwtacacs super
quit
Authorization
aaa
authorization-scheme authorization-hwtacacs
authorization-mode hwtacacs local
quit
Accounting
aaa
accounting-scheme accounting-hwtacacs
accounting-mode hwtacacs
accounting realtime 3
accounting start-fail online
quit
Configure the authentication domain
aaa
domain linux-hwtacacs
authentication-scheme authentication-hwtacacs
accounting-scheme accounting-hwtacacs
authorization-scheme authorization-hwtacacs
hwtacacs-server hwtacacs-server1
quit
quit
Enable the authentication domain
domain linux-hwtacacs admin
Add a local user as well, in case the TACACS server goes offline
aaa
local-user admin password irreversible-cipher Abc@123.com
local-user admin privilege level 15
local-user admin service-type telnet terminal http
View the domain information
display domain name linux-hwtacacs
Debugging
return
terminal monitor
terminal debugging
debugging hwtacacs all
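
Configuration review (added example, not part of the original notes)
A small Python check that reads a configuration like the one above and reports the settings a reviewer would question: telnet on the VTY lines, a local user allowed in over telnet, sessions kept online when accounting start fails, and the same secret typed for both the HWTACACS shared key and the local password. The function name audit and the wording of the findings are assumptions of this example.

```python
import re

# Excerpt of the configuration shown on this page, secrets as typed there.
PAGE_CONFIG = """\
user-interface vty 0 4
authentication-mode aaa
protocol inbound telnet
hwtacacs-server template hwtacacs-server1
hwtacacs-server shared-key cipher Abc@123.com
aaa
accounting-scheme accounting-hwtacacs
accounting-mode hwtacacs
accounting start-fail online
local-user admin password irreversible-cipher Abc@123.com
local-user admin service-type telnet terminal http
"""

def audit(config: str) -> list[str]:
    """Return review findings for a Huawei VRP AAA/VTY configuration (hypothetical helper)."""
    findings = []
    secrets = {}  # secret value -> line numbers where it is configured
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        # Telnet carries the login, including the password, unencrypted.
        if re.fullmatch(r"protocol inbound (telnet|all)", line):
            findings.append(f"line {n}: VTY accepts telnet; credentials cross the network in cleartext")
        m = re.match(r"local-user (\S+) service-type (.+)", line)
        if m and "telnet" in m.group(2).split():
            findings.append(f"line {n}: local user '{m.group(1)}' may log in over telnet")
        # With 'online', a failed accounting-start request does not stop the session.
        if line == "accounting start-fail online":
            findings.append(f"line {n}: sessions stay online when accounting start fails, leaving no accounting record")
        m = re.search(r"(?:shared-key|password) (?:irreversible-)?cipher (\S+)", line)
        if m:
            secrets.setdefault(m.group(1), []).append(n)
    # One value protecting two different trust relationships.
    for lines in secrets.values():
        if len(lines) > 1:
            findings.append(f"lines {lines}: same secret reused for different credentials")
    return findings

if __name__ == "__main__":
    for finding in audit(PAGE_CONFIG):
        print(finding)
```

The reuse check works on commands as they are typed; a saved configuration displays these secrets in ciphertext, so the values no longer compare equal there.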