R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101

AAA configuration examples
Authentication/authorization for Telnet/SSH users by a RADIUS server
NOTE:
Configuration of RADIUS authentication and authorization for SSH users is similar to that for Telnet users. The following takes Telnet users as an example.
Network requirements
As shown in Figure 96, a Telnet user is connected to the Firewall and the Firewall is connected to the
RADIUS server. Complete the following tasks:
• Configure an IMC server to act as the RADIUS server to provide authentication and authorization services for Telnet users. The IP address of the RADIUS server is 10.1.1.1/24.
• Set the shared keys for authenticating the authentication and authorization packets exchanged between the Firewall and the RADIUS server to expert, and specify the ports for authentication/authorization and accounting as 1812 and 1813 respectively.
• Specify that a username sent to the RADIUS server carries the domain name.
• Add an account on the RADIUS server, with the username hello@bbb. The Telnet user uses the username and the configured password to log in to the Firewall and is authorized with privilege level 3 after successful login.
Figure 96 Configure authentication/authorization for Telnet users through a RADIUS server
Configuration procedure
1. Configure the RADIUS server
When the RADIUS server runs IMC, complete the following tasks:
NOTE:
This example assumes that the RADIUS server runs IMC 5.0-E0101L02 and IMC UAM 5.0-E0101.
# Add an access device.