R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101

169

[Firewall] radius scheme rad

# Specify the primary authentication server.

[Firewall-radius-rad] primary authentication 10.1.1.1 1812

# Set the shared key for authenticating authentication packets to expert.

[Firewall-radius-rad] key authentication expert

# Specify the service type for the RADIUS server, which must be extended when the server runs IMC.

[Firewall-radius-rad] server-type extended

# Specify the scheme to include the domain names in usernames to be sent to the RADIUS server.

[Firewall-radius-rad] user-name-format with-domain

[Firewall-radius-rad] quit

# Configure the AAA methods for domain bbb. Because RADIUS authorization information is sent to the

RADIUS client in the authentication response messages, be sure to reference the same scheme for user

authentication and authorization.

[Firewall] domain bbb

[Firewall-isp-bbb] authentication login radius-scheme rad

[Firewall-isp-bbb] authorization login radius-scheme rad

[Firewall-isp-bbb] quit

3. Verify the configuration

After you complete the configuration, the Telnet user should be able to telnet to the Firewall, use the

configured account to enter the user interface of the Firewall, and access all the commands of level 0 to

level 3.

# Use the display connection command to view the connection information on the Firewall.

[Firewall] display connection

Index=1 ,Username=hello@bbb

IP=192.168.1.58

IPv6=N/A

Total 1 connection(s) matched.

Local authentication/authorization for Telnet/FTP users

NOTE:

Configuration of local authentication and authorization for FTP users is similar to that for Telnet users. The

following takes Telnet users as an example.

Network requirements

As shown in Figure 99, configure the Firewall to perform local authentication and authorization for Telnet

users.

Figure 99 Configure local authentication/authorization for Telnet users