R0106-HP MSR Router Series Fundamentals Configuration Guide(V7)
Configuration procedure
1. Configure the router:
# Assign an IP address to GigabitEthernet 2/1/1, the interface connected to the Telnet user.
<Router> system-view
[Router] interface gigabitethernet 2/1/1
[Router-GigabitEthernet2/1/1] ip address 192.168.1.70 255.255.255.0
[Router-GigabitEthernet2/1/1] quit
# Assign an IP address to GigabitEthernet 2/1/2, the interface connected to the RADIUS server.
[Router] interface gigabitethernet 2/1/2
[Router-GigabitEthernet2/1/2] ip address 10.1.1.2 255.255.255.0
[Router-GigabitEthernet2/1/2] quit
# Enable Telnet server.
[Router] telnet server enable
# Enable scheme authentication on the user lines for Telnet users.
[Router] line vty 0 63
[Router-line-vty0-63] authentication-mode scheme
[Router-line-vty0-63] quit
# Enable remote-then-local authentication for temporary user role authorization.
[Router] super authentication-mode scheme local
# Create the HWTACACS scheme hwtac and enter HWTACACS scheme view.
[Router] hwtacacs scheme hwtac
# Specify the primary authentication server address 10.1.1.1 and the service port 49 in the scheme.
[Router-hwtacacs-hwtac] primary authentication 10.1.1.1 49
# Set the shared key to expert in the scheme for the router to authenticate to the server.
[Router-hwtacacs-hwtac] key authentication simple expert
# Exclude the ISP domain name from the username sent to the HWTACACS server.
[Router-hwtacacs-hwtac] user-name-format without-domain
[Router-hwtacacs-hwtac] quit
# Create ISP domain bbb and enter ISP domain view.
[Router] domain bbb
# Configure ISP domain bbb to use local authentication for login users.
[Router-isp-bbb] authentication login local
# Configure ISP domain bbb to use local authorization for login users.
[Router-isp-bbb] authorization login local
# Apply the HWTACACS scheme hwtac to the ISP domain for user role authentication.
[Router-isp-bbb] authentication super hwtacacs-scheme hwtac
[Router-isp-bbb] quit
# Create a device management user named test and enter local user view. Set the service type to Telnet, and set the password to aabbcc.
[Router] local-user test class manage
[Router-luser-manage-test] service-type telnet
[Router-luser-manage-test] password simple aabbcc
# Assign level-0 to the user.
[Router-luser-manage-test] authorization-attribute user-role level-0