F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

Configuring the firewall
# Assign an IP address to interface GigabitEthernet 0/1, the Telnet user access interface.
<Firewall> system-view
[Firewall] interface gigabitethernet 0/1
[Firewall-GigabitEthernet0/1] ip address 192.168.1.70 255.255.255.0
[Firewall-GigabitEthernet0/1] quit
# Configure the IP address of interface GigabitEthernet 0/2, through which the firewall communicates with the RADIUS server.
[Firewall] interface gigabitethernet 0/2
[Firewall-GigabitEthernet0/2] ip address 10.1.1.2 255.255.255.0
[Firewall-GigabitEthernet0/2] quit
# Enable the Telnet server on the firewall.
[Firewall] telnet server enable
# Configure the firewall to use AAA for Telnet users.
[Firewall] user-interface vty 0 4
[Firewall-ui-vty0-4] authentication-mode scheme
[Firewall-ui-vty0-4] quit
# Create RADIUS scheme rad.
[Firewall] radius scheme rad
# Specify the primary authentication server.
[Firewall-radius-rad] primary authentication 10.1.1.1 1812
# Set the shared key for secure authentication communication to expert.
[Firewall-radius-rad] key authentication expert
# Specify the service type for the RADIUS server, which must be extended when the server runs on IMC.
[Firewall-radius-rad] server-type extended
# Include the domain names in usernames sent to the RADIUS server.
[Firewall-radius-rad] user-name-format with-domain
[Firewall-radius-rad] quit
# Configure the AAA methods for domain bbb. Because RADIUS authorization information is sent to the RADIUS client in the authentication response messages, be sure to reference the same RADIUS scheme for user authentication and authorization.
[Firewall] domain bbb
[Firewall-isp-bbb] authentication login radius-scheme rad
[Firewall-isp-bbb] authorization login radius-scheme rad
[Firewall-isp-bbb] quit
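The exchange this configuration sets up, as an added example that is not part of the guide or of the HP/H3C software: the firewall (RADIUS client, 10.1.1.2) sends an Access-Request to the server at 10.1.1.1:1812 carrying User-Name hello@bbb (the with-domain format) and a User-Password hidden with the shared key expert; the server answers with an Access-Accept whose Response Authenticator is computed over the same key, and the authorization attributes ride in that reply. The password Telnet-P@ss, the identifier 7 and the Service-Type Administrative-User attribute standing in for whatever authorization the IMC server actually returns are assumptions made for the example, and nothing is sent on the network.

```python
"""Model of the RFC 2865 Access-Request / Access-Accept exchange between the
firewall and the RADIUS server. Added example with constructed values; it is
not code from the guide or from the device firmware. No network I/O."""
import hashlib
import hmac
import os
import socket
import struct

ACCESS_REQUEST = 1
ACCESS_ACCEPT = 2
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2
ATTR_NAS_IP_ADDRESS = 4
ATTR_SERVICE_TYPE = 6
SERVICE_TYPE_ADMINISTRATIVE = 6          # standard value from RFC 2865

HEADER = struct.Struct("!BBH")           # Code, Identifier, Length


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to a 16-byte multiple, XOR each block with
    MD5(secret + previous ciphertext block), seeded by the Request Authenticator."""
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password. With a key mismatch between firewall and
    server the result is garbage, which is how a wrong 'key authentication' shows up."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out, prev = out + _xor(block, hashlib.md5(secret + prev).digest()), block
    return out.rstrip(b"\x00")           # strip the 5.2 padding (text passwords)


def attribute(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value; Length counts the 2-byte header."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_attributes(data: bytes) -> dict:
    attrs, pos = {}, 0
    while pos < len(data):
        if pos + 2 > len(data) or data[pos + 1] < 2 or pos + data[pos + 1] > len(data):
            raise ValueError("malformed attribute")
        attrs[data[pos]] = data[pos + 2:pos + data[pos + 1]]
        pos += data[pos + 1]
    return attrs


def build_access_request(username: str, password: str, secret: bytes, nas_ip: str,
                         identifier: int, authenticator: bytes = b"") -> bytes:
    """What the firewall sends. With 'user-name-format with-domain' the
    User-Name is e.g. hello@bbb."""
    authenticator = authenticator or os.urandom(16)
    attrs = (attribute(ATTR_USER_NAME, username.encode())
             + attribute(ATTR_USER_PASSWORD, hide_password(password.encode(), secret, authenticator))
             + attribute(ATTR_NAS_IP_ADDRESS, socket.inet_aton(nas_ip)))
    return HEADER.pack(ACCESS_REQUEST, identifier, 20 + len(attrs)) + authenticator + attrs


def build_access_accept(request: bytes, secret: bytes, attrs: bytes) -> bytes:
    """Server side. Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret),
    so the authorization attributes are bound to the shared key and to this request."""
    _, identifier, _ = HEADER.unpack(request[:4])
    header = HEADER.pack(ACCESS_ACCEPT, identifier, 20 + len(attrs))
    return header + hashlib.md5(header + request[4:20] + attrs + secret).digest() + attrs


def verify_response(response: bytes, request: bytes, secret: bytes) -> bool:
    """The check the client must pass before trusting an Access-Accept."""
    if len(response) < 20:
        return False
    _, identifier, length = HEADER.unpack(response[:4])
    if length != len(response) or identifier != request[1]:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


def demo() -> dict:
    """Round-trip a login for hello@bbb with the configured key 'expert' (assumed password)."""
    secret = b"expert"
    req = build_access_request("hello@bbb", "Telnet-P@ss", secret, "10.1.1.2", identifier=7)
    req_attrs = parse_attributes(req[20:])
    recovered = reveal_password(req_attrs[ATTR_USER_PASSWORD], secret, req[4:20])
    accept = build_access_accept(req, secret, attribute(ATTR_SERVICE_TYPE,
                                 struct.pack("!I", SERVICE_TYPE_ADMINISTRATIVE)))
    return {"username": req_attrs[ATTR_USER_NAME].decode(),
            "password_recovered": recovered.decode(),
            "accept_valid": verify_response(accept, req, secret),
            "accept_valid_wrong_key": verify_response(accept, req, b"wrong"),
            "service_type": struct.unpack("!I", parse_attributes(accept[20:])[ATTR_SERVICE_TYPE])[0]}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two points the model makes visible: the shared key is the only thing standing between an on-path attacker on the 10.1.1.0/24 segment and the Telnet user's password (MD5-based hiding, no per-packet integrity on the request itself), so choose a long random key rather than a word such as expert and keep the firewall-to-server path on a trusted network; and the client-side verify_response check is what stops a forged Access-Accept, which matters precisely because the authorization attributes arrive in that reply.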
Verifying the configuration
After the configuration is complete, the user can Telnet to the firewall, log in with the configured account, and access all commands of levels 0 through 3, the user level being the one the RADIUS server assigns in its authentication response.
# Use the display connection command to view the connection information on the firewall.
[Firewall] display connection
Index=1 ,Username=hello@bbb
IP=192.168.1.58
IPv6=N/A
Total 1 connection(s) matched.