R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
158
[LB-radius-rad] primary authentication 10.1.1.1 1812
# Specify the primary accounting server.
[LB-radius-rad] primary accounting 10.1.1.1 1813
# Set the shared key for authentication packets to expert.
[LB-radius-rad] key authentication expert
# Set the shared key for accounting packets to expert.
[LB-radius-rad] key accounting expert
# Specify the service type for the RADIUS server, which must be extended when the server runs IMC.
[LB-radius-rad] server-type extended
# Specify that a username sent to the RADIUS server carry the domain name.
[LB-radius-rad] user-name-format with-domain
[LB-radius-rad] quit
# Configure the AAA methods for domain bbb. As RADIUS authorization information is sent to the
RADIUS client in the authentication response messages, be sure to reference the same scheme for user
authentication and authorization.
[LB] domain bbb
[LB-isp-bbb] authentication login radius-scheme rad
[LB-isp-bbb] authorization login radius-scheme rad
[LB-isp-bbb] accounting login radius-scheme rad
[LB-isp-bbb] quit
// You can achieve the same result by configuring default AAA methods for all types of users in domain
bbb.
[LB] domain bbb
[LB-isp-bbb] authentication default radius-scheme rad
[LB-isp-bbb] authorization default radius-scheme rad
[LB-isp-bbb] accounting default radius-scheme rad
3. Verify the configuration
After the above configuration, the Telnet user should be able to telnet to the LB module and use the
configured account to enter the user interface of the card, and access all the commands of level 0 to level
3.
AAA for FTP/Telnet users by the LB module itself
NOTE:
Configuration of local authentication and authorization for FTP users is similar to that for Telnet users. The
following takes Telnet users as an example.