R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
161
Configuration procedure
1. Configure the LB module
# Configure the IP address of Ten-GigabitEthernet 0/0.1, through which the Telnet user accesses the
card.
<LB> system-view
[LB] interface Ten-GigabitEthernet 0/0.1
[LB-Ten-GigabitEthernet0/0.1] ip address 192.168.1.70 255.255.255.0
[LB-Ten-GigabitEthernet0/0.1] quit
# Configure the IP address of Ten-GigabitEthernet 0/0.2, through which the card communicates with the
server.
[LB] interface Ten-GigabitEthernet 0/0.2
[LB-Ten-GigabitEthernet0/0.2] ip address 10.1.1.2 255.255.255.0
[LB-Ten-GigabitEthernet0/0.2] quit
# Enable the card to provide Telnet service.
[LB] telnet server enable
# Configure the card to use AAA for Telnet user authentication.
[LB] user-interface vty 0 4
[LB-ui-vty0-4] authentication-mode scheme
[LB-ui-vty0-4] quit
# Specify to use RADIUS authentication and, if RADIUS authentication is not available, use local
authentication for user privilege level switching authentication.
[LB] super authentication-mode scheme local
# Create RADIUS scheme rad.
[LB] radius scheme rad
# Specify the IP address of the primary authentication server as 10.1.1.1, and the port for authentication
as 1812.
[LB-radius-rad] primary authentication 10.1.1.1 1812
# Set the shared key for authentication packets to expert.
[LB-radius-rad] key authentication expert
# Specify the service type of the RADIUS server as standard.
[LB-radius-rad] server-type standard
# Specify that usernames sent to the RADIUS server carry no domain name.
[LB-radius-rad] user-name-format without-domain
[LB-radius-rad] quit
# Create ISP domain bbb.
[LB] domain bbb
# Configure the AAA methods for domain bbb as local authentication.
[LB-isp-bbb] authentication login local
# Configure the domain to use the RADIUS scheme rad for user privilege level switching authentication.
[LB-isp-bbb] authentication super radius-scheme rad
[LB-isp-bbb] quit
# Create a local Telnet user named test.
[LB] local-user test