HP VPN Firewall Appliances Access Control Configuration Guide

[Firewall-ui-vty0-4] authentication-mode scheme
[Firewall-ui-vty0-4] quit
# Create RADIUS scheme rad.
[Firewall] radius scheme rad
# Specify the primary authentication server.
[Firewall-radius-rad] primary authentication 10.1.1.1 1812
# Set the shared key for secure authentication communication to expert.
[Firewall-radius-rad] key authentication expert
# Specify the service type for the RADIUS server, which must be extended when the server runs on IMC.
[Firewall-radius-rad] server-type extended
# Include the domain names in usernames sent to the RADIUS server.
[Firewall-radius-rad] user-name-format with-domain
[Firewall-radius-rad] quit
# Configure the AAA methods for domain bbb. Because RADIUS authorization information is sent to the RADIUS client in the authentication response messages, be sure to reference the same scheme for user authentication and authorization.
[Firewall] domain bbb
[Firewall-isp-bbb] authentication login radius-scheme rad
[Firewall-isp-bbb] authorization login radius-scheme rad
[Firewall-isp-bbb] quit
Verifying the configuration
After the configuration is complete, the user can Telnet to the firewall, use the configured account to enter
the user interface of the firewall, and access all the commands of level 0 to level 3.
# Use the display connection command to view the connection information on the firewall.
[Firewall] display connection
Index=1 ,Username=hello@bbb
IP=192.168.1.58
IPv6=N/A
Total 1 connection(s) matched.
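The following Python sketch is an added example, not part of the HP guide or of the firewall's software. It shows how a RADIUS client uses the shared key to validate the Response Authenticator of an Access-Accept (RFC 2865) before trusting the authorization attributes carried in that same reply, which is why the key configured with key authentication must match the server's. The function names, packet identifier, request authenticator and attribute values are constructed for illustration; only the key expert comes from the configuration above.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
SERVICE_TYPE, LOGIN_SERVICE = 6, 15      # RFC 2865 attribute types

def attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_accept(identifier, request_auth, attrs, secret):
    """Build an Access-Accept as a server would (RFC 2865, section 3)."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs

def verify_and_parse(packet, request_auth, secret):
    """Return {type: value} from a reply, or None if it fails validation."""
    if len(packet) < 20:
        return None
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return None
    body = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return None                      # wrong key or modified reply
    attrs, i = {}, 0
    while i + 2 <= len(body):
        a_type, a_len = body[i], body[i + 1]
        if a_len < 2 or i + a_len > len(body):
            return None                  # malformed attribute
        attrs[a_type] = body[i + 2:i + a_len]
        i += a_len
    return attrs

# Constructed sample: request authenticator, packet id and attributes are made up.
SECRET = b"expert"                       # shared key from the scheme above
REQUEST_AUTH = bytes(range(16))
SAMPLE_ATTRS = attr(SERVICE_TYPE, struct.pack("!I", 1)) + attr(LOGIN_SERVICE, struct.pack("!I", 0))
SAMPLE_ACCEPT = build_accept(7, REQUEST_AUTH, SAMPLE_ATTRS, SECRET)

if __name__ == "__main__":
    print(verify_and_parse(SAMPLE_ACCEPT, REQUEST_AUTH, SECRET))
    tampered = bytearray(SAMPLE_ACCEPT)
    tampered[25] = 6                     # Service-Type Login -> Administrative
    print(verify_and_parse(bytes(tampered), REQUEST_AUTH, SECRET))
```

A reply whose attributes were changed in transit, or one computed with a different key, fails the authenticator check and is discarded instead of being applied as authorization.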
Local authentication/authorization configuration example for Telnet/FTP users
This example describes the configuration of Telnet users. Configure local authentication and
authorization methods for FTP users in the same way they are configured for Telnet users.
Network requirements
As shown in Figure 138, configure the firewall to perform local authentication and authorization for Telnet
users.