HP VPN Firewall Appliances Access Control Configuration Guide

RADIUS authentication/authorization configuration example for Telnet/SSH users
This example describes the configuration for Telnet users. RADIUS authentication and authorization for
SSH users are configured in the same way.
Network requirements
As shown in Figure 137, configure the firewall to use the RADIUS server for Telnet user authentication and
authorization, and add an account with the username hello@bbb on the RADIUS server, so that the Telnet
user can log in to the firewall and is granted privilege level 3 after login.
Set the shared key for secure RADIUS communication to expert, and set the ports for
authentication/authorization and accounting to 1812 and 1813, respectively. Configure the firewall to
include the domain name in the usernames sent to the RADIUS server.
Figure 137 Network diagram
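The following Python sketch is an added example, not part of the HP guide or of the firewall software. It shows what the shared key expert and the username hello@bbb from the requirements above do on the wire under RFC 2865: the key hides the User-Password attribute in the Access-Request and lets the firewall verify the Response Authenticator of the server's reply. The password, packet identifier, Request Authenticator and reply attribute used with it are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

SHARED_KEY = b"expert"    # shared key from the example above
USERNAME = b"hello@bbb"   # sent with the domain name, as the firewall is configured

def _keystream_xor(data, secret, request_auth, hiding):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous ciphertext block)."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        xored = bytes(b ^ k for b, k in zip(block, key))
        out += xored
        prev = xored if hiding else block   # chain on the ciphertext in both directions
    return out

def hide_password(password, secret, request_auth):
    size = max(16, (len(password) + 15) // 16 * 16)   # pad with NULs to a multiple of 16
    return _keystream_xor(password.ljust(size, b"\x00"), secret, request_auth, True)

def unhide_password(hidden, secret, request_auth):
    return _keystream_xor(hidden, secret, request_auth, False).rstrip(b"\x00")

def attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value

def access_request(ident, request_auth, password, secret=SHARED_KEY):
    """Access-Request (code 1) with User-Name (1) and User-Password (2)."""
    attrs = attr(1, USERNAME) + attr(2, hide_password(password, secret, request_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + request_auth + attrs

def sign_response(code, ident, attrs, request_auth, secret):
    """Server side: Response Authenticator = MD5(header + RequestAuth + attrs + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def verify_response(packet, request_auth, secret=SHARED_KEY):
    """Firewall side: accept a reply only if its authenticator matches the shared key."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:length] + secret).digest()
    return hmac.compare_digest(packet[4:20], expected)
```

Both protections depend only on the shared key, so the key configured on the firewall must match the one on the RADIUS server exactly, and a deployment would replace the sample value expert with a long random key.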
Configuring the RADIUS server
For information about the RADIUS server configuration, see the configuration guides of the RADIUS
server.
Configuring the firewall
# Assign an IP address to interface GigabitEthernet 0/1, the Telnet user access interface.
<Firewall> system-view
[Firewall] interface gigabitethernet 0/1
[Firewall-GigabitEthernet0/1] ip address 192.168.1.70 255.255.255.0
[Firewall-GigabitEthernet0/1] quit
# Configure the IP address of interface GigabitEthernet 0/2, through which the firewall communicates
with the server.
[Firewall] interface gigabitethernet 0/2
[Firewall-GigabitEthernet0/2] ip address 10.1.1.2 255.255.255.0
[Firewall-GigabitEthernet0/2] quit
# Enable the Telnet server on the firewall.
[Firewall] telnet server enable
# Configure the firewall to use AAA for Telnet users.
[Firewall] user-interface vty 0 4