Verifying the configuration – H3C Technologies H3C SecPath F1000-E User Manual

Page 235

225

# Configure the IP address of interface GigabitEthernet 0/2, through which SecPath

communicates with the server.

[SecPath] interface GigabitEthernet 0/2

[SecPath-GigabitEthernet0/2] ip address 10.1.1.2 255.255.255.0

[SecPath-GigabitEthernet0/2] quit

# Enable the Telnet server on SecPath.

[SecPath] telnet server enable

# Configure SecPath to use AAA for Telnet users.

[SecPath] user-interface vty 0 4

[SecPath-ui-vty0-4] authentication-mode scheme

[SecPath-ui-vty0-4] quit

# Create RADIUS scheme rad.

[SecPath] radius scheme rad

# Specify the primary authentication server.

[SecPath-radius-rad] primary authentication 10.1.1.1 1812

# Set the shared key for authenticating authentication packets to expert.

[SecPath-radius-rad] key authentication expert

# Specify the service type for the RADIUS server, which must be extended when the server runs on

CAMS or IMC.

[SecPath-radius-rad] server-type extended

# Specify the scheme to include the domain names in usernames to be sent to the RADIUS server.

[SecPath-radius-rad] user-name-format with-domain

[SecPath-radius-rad] quit

# Configure the AAA methods for domain bbb. Because RADIUS authorization information is sent

to the RADIUS client in the authentication response messages, reference the same scheme for user
authentication and authorization.

[SecPath] domain bbb

[SecPath-isp-bbb] authentication login radius-scheme rad

[SecPath-isp-bbb] authorization login radius-scheme rad

[SecPath-isp-bbb] quit

Verifying the configuration

After you complete the configuration, the user can Telnet to SecPath, use the configured account to enter
the user interface of SecPath, and access all the commands of level 0 to level 3.
# Use the display connection command to view the connection information on SecPath.

[SecPath] display connection

Index=1 ,Username=hello@bbb

IP=192.168.1.58

IPv6=N/A

Total 1 connection(s) matched.

Local authentication and authorization for Telnet and FTP users

The local authentication and authorization configuration for FTP users is similar to that for Telnet users.
This example describes the configuration for Telnet users.

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS