R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101
Configuration procedure
1. Configure the firewall
# Configure the IP address of interface GigabitEthernet 0/1, through which the Telnet user accesses the Firewall.
<Firewall> system-view
[Firewall] interface GigabitEthernet 0/1
[Firewall-GigabitEthernet0/1] ip address 192.168.1.70 255.255.255.0
[Firewall-GigabitEthernet0/1] quit
# Enable the Telnet server on the device.
[Firewall] telnet server enable
# Configure the Firewall to use AAA for Telnet users.
[Firewall] user-interface vty 0 4
[Firewall-ui-vty0-4] authentication-mode scheme
[Firewall-ui-vty0-4] quit
# Create a local user named telnet.
[Firewall] local-user telnet
[Firewall-luser-telnet] service-type telnet
[Firewall-luser-telnet] password simple aabbcc
[Firewall-luser-telnet] quit
# Configure the AAA methods for the ISP domain as local authentication and authorization.
[Firewall] domain system
[Firewall-isp-system] authentication login local
[Firewall-isp-system] authorization login local
[Firewall-isp-system] quit
2. Verify the configuration
When telnetting to the Firewall, a user can access the user interface of the Firewall by using the username telnet@system and the correct password.
# Use the display connection command to view the connection information on the Firewall.
[Firewall] display connection
Index=1 ,Username=telnet@system
IP=192.168.1.58
IPv6=N/A
Total 1 connection(s) matched.
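An added example, not part of the HP guide: a Python audit of the CLI session above that flags the Telnet server (a cleartext protocol) and the local user created with `password simple` (a plaintext password), and checks that the VTY lines use `authentication-mode scheme`. The function name `audit` and the finding texts are assumptions made for illustration; the session text is constructed from the commands on this page.

```python
import re

# Constructed sample: the CLI session from the procedure above, prompts included.
SESSION = """\
<Firewall> system-view
[Firewall] interface GigabitEthernet 0/1
[Firewall-GigabitEthernet0/1] ip address 192.168.1.70 255.255.255.0
[Firewall-GigabitEthernet0/1] quit
[Firewall] telnet server enable
[Firewall] user-interface vty 0 4
[Firewall-ui-vty0-4] authentication-mode scheme
[Firewall-ui-vty0-4] quit
[Firewall] local-user telnet
[Firewall-luser-telnet] service-type telnet
[Firewall-luser-telnet] password simple aabbcc
[Firewall-luser-telnet] quit
[Firewall] domain system
[Firewall-isp-system] authentication login local
[Firewall-isp-system] authorization login local
[Firewall-isp-system] quit
"""

# "<view> cmd" (user view) or "[view] cmd" (system view and the views below it).
PROMPT = re.compile(r"^[<\[](?P<view>[^\]>]+)[>\]]\s*(?P<cmd>.*)$")

def audit(session):
    """Return (view, finding) tuples for a CLI transcript (hypothetical helper)."""
    findings = []
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        view, cmd = m["view"], m["cmd"].split()
        if cmd[:3] == ["telnet", "server", "enable"]:
            findings.append((view, "Telnet server enabled: logins cross the network in cleartext"))
        elif cmd[:2] == ["password", "simple"] and "-luser-" in view:
            user = view.split("-luser-", 1)[1]
            # Report the account, never the password itself.
            findings.append((view, f"local user '{user}' has a plaintext (simple) password"))
        elif cmd[:1] == ["authentication-mode"] and "-ui-" in view and len(cmd) > 1:
            if cmd[1] != "scheme":  # the procedure sets scheme so that AAA is used
                findings.append((view, f"VTY authentication-mode is '{cmd[1]}', not AAA (scheme)"))
    return findings

if __name__ == "__main__":
    for view, finding in audit(SESSION):
        print(f"{view}: {finding}")
```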
RADIUS authentication and authorization for Telnet users by a network device
Network requirements
As shown in Figure 100, a Telnet user is directly connected to Firewall A and Firewall A is connected to
Firewall B. Firewall B serves as the RADIUS server to provide authentication and authorization services.
The IP address of Firewall B is 10.1.1.2/24, and the authentication port is 1645.