F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

272

7. Enable telnet services on the firewall:

a. Select Device Management > Service Management from the navigation tree.

b. Select the box next to Enable Telnet service.

c. Click Apply.

Figure 181 Enabling the Telnet service

8. At the CLI, configure the firewall to use username and password authentication for telnet users and

configure the ISP domain to use the HWTACACS scheme system:

<Firewall> system-view

[Firewall] user-interface vty 0 4

[Firewall-ui-vty0-4] authentication-mode scheme

[Firewall-ui-vty0-4] quit

[Firewall] domain bbb

[Firewall-isp-bbb] authentication login hwtacacs-scheme system

[Firewall-isp-bbb] authorization login hwtacacs-scheme system

[Firewall-isp-bbb] accounting login hwtacacs-scheme system

[Firewall-isp-bbb] quit

493BVerifying the configuration

Telnet to the firewall by entering the username in the format of userid@bbb and the correct password, and

then you can enter the user interface of the firewall. Use the display connection command on the firewall

to view information about the user connection.

80B

Troubleshooting AAA

250BTroubleshooting RADIUS

494BSymptom 1

User authentication/authorization always fails.

495BAnalysis

Possible reasons include:

• A communication failure exists between the NAS and the RADIUS server.

• The username is not in the format userid@isp-name or the ISP domain is not correctly configured on

the NAS.

• The user is not configured on the RADIUS server.