Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

14

Figure 1 Network diagram for configuring user authentication

Configuration procedure

# Assign an IP address to Device to make Device and Host A, Device and Host B, Device and Host C,
and Device and RADIUS server reach each other. The configuration is omitted.

# Enable telnet services on Device.

system-view

[Device] telnet server enable

# Configure that no authentication is needed when users log in to Device through the console port. Set
the privilege level of the administrator that logs in through the console port to 3, which means the
administrator can execute all commands.

[Device] user-interface console 0

[Device-ui-console0] authentication-mode none

[Device-ui-console0] user privilege level 3

[Device-ui-console0] quit

# Set to use password authentication when users use VTY 0 interface to log in to Device from Host B. The
authentication password is 123. Then set the privilege level of the users logging in through VTY 0 to 2.

[Device] user-interface vty 0 4

[Device-ui-vty0-4] authentication-mode password

[Device-ui-vty0-4] set authentication password cipher 123

[Device-ui-vty0-4] user privilege level 2

[Device-ui-vty0-4] quit

# Create a RADIUS scheme and configure the IP address and UDP port for the primary authentication
server for the scheme. Ensure that the port number is consistent with that on the RADIUS server. Set the
shared key for authentication packets to expert for the scheme and the RADIUS server type of the
scheme to extended. Specify Device to remove the domain name in the username that is sent to the
RADIUS server.

[Device] radius scheme rad