Network requirements, Configuration considerations, Configuring secpath – H3C Technologies H3C SecPath F1000-E User Manual

227

Level switching authentication for Telnet users by a RADIUS

server

The RADIUS server in this example runs ACSv4.0.

Network requirements

As shown in

Figure 168

, configure SecPath to:

•

Use local authentication for the Telnet user and assign the privilege level of 0 to the user when the
user passes authentication.

•

Use the RADIUS server for level switching authentication of the Telnet user. If the RADIUS server is
not available, use local authentication instead.

Figure 168 Network diagram

Configuration considerations

1.

Configure SecPath to use AAA, particularly, local authentication for Telnet users:

{

Create ISP domain bbb and configure it to use local authentication for Telnet users.

{

Create a local user account, configure the password, and assign the user privilege level.

2.

On SecPath, configure the authentication method for user privilege level switching:

{

Specify to use RADIUS authentication and, if RADIUS authentication is not available, use local
authentication for users switching from a lower level to a higher level.

{

Configure RADIUS scheme rad and assign an IP address to the RADIUS server. Set the shared
keys for authenticating AAA packets and specify that usernames sent to the RADIUS server

carry no domain name. Configure the domain to use RADIUS scheme rad for user privilege

level switching authentication.

{

Configure the password for local user privilege level switching authentication.

3.

On the RADIUS server, add the username and password for user privilege level switching
authentication.

Configuring SecPath

# Configure the IP address of GigabitEthernet 0/1, through which the Telnet user accesses SecPath.

system-view

[SecPath] interface GigabitEthernet 0/1

[SecPath-GigabitEthernet0/1] ip address 192.168.1.70 255.255.255.0

[SecPath-GigabitEthernet0/1] quit