R3303-HP HSR6800 Routers Security Configuration Guide
57
# Set the shared key for secure authentication communication to expert.
[Router-radius-rad] key authentication expert
# Specify the service type for the RADIUS server, which must be extended when the server runs on IMC.
[Router-radius-rad] server-type extended
# Include the domain names in usernames sent to the RADIUS server.
[Router-radius-rad] user-name-format with-domain
[Router-radius-rad] quit
# Configure the AAA methods for domain bbb. Because RADIUS authorization information is sent to the
RADIUS client in the authentication response messages, be sure to reference the same scheme for user
authentication and authorization.
[Router] domain bbb
[Router-isp-bbb] authentication login radius-scheme rad
[Router-isp-bbb] authorization login radius-scheme rad
[Router-isp-bbb] quit
Verifying the configuration
After the configuration is complete, the user can Telnet to the router, use the configured account to enter
the user interface of the router, and access all the commands of level 0 to level 3.
# Use the display connection command to view the connection information on the router.
[Router] display connection
Index=1 ,Username=hello@bbb
IP=192.168.1.58
IPv6=N/A
Total 1 connection(s) matched.
Local authentication/authorization for Telnet/FTP users
The configuration of local authentication and authorization for FTP users is similar to that for Telnet users.
This example describes the configuration of Telnet users.
Network requirements
As shown in Figure 13, configure the router to perform local authentication and authorization for Telnet
users.
Figure 13 Network diagram
Configuration procedure
# Assign an IP address to interface GigabitEthernet 3/0/1, the Telnet user access interface.
<Router> system-view
[Router] interface gigabitethernet 3/0/1
[Router-GigabitEthernet3/0/1] ip address 192.168.1.70 255.255.255.0
[Router-GigabitEthernet3/0/1] quit
# Enable the Telnet server on the device.