H3C Technologies H3C SecPath F1000-E User Manual
Page 238
228
# Configure the IP address of GigabitEthernet 0/2, through which SecPath communicates with the server.
[SecPath] interface GigabitEthernet 0/2
[SecPath-GigabitEthernet0/2] ip address 10.1.1.2 255.255.255.0
[SecPath-GigabitEthernet0/2] quit
# Enable SecPath to provide Telnet service.
[SecPath] telnet server enable
# Configure SecPath to use AAA for Telnet users.
[SecPath] user-interface vty 0 4
[SecPath-ui-vty0-4] authentication-mode scheme
[SecPath-ui-vty0-4] quit
# Use RADIUS authentication for user privilege level switching authentication and, if RADIUS
authentication is not available, use local authentication.
[SecPath] super authentication-mode scheme local
# Create RADIUS scheme rad.
[SecPath] radius scheme rad
# Specify the IP address of the primary authentication server as 10.1.1.1, and the port for authentication
as 1812.
[SecPath-radius-rad] primary authentication 10.1.1.1 1812
# Set the shared key for authenticating authentication packets to expert.
[SecPath-radius-rad] key authentication expert
# Specify the service type of the RADIUS server as standard.
[SecPath-radius-rad] server-type standard
# Specify the scheme to exclude the domain names from usernames to be sent to the RADIUS server.
[SecPath-radius-rad] user-name-format without-domain
[SecPath-radius-rad] quit
# Create ISP domain bbb.
[SecPath] domain bbb
# Configure the AAA methods for domain bbb as local authentication.
[SecPath-isp-bbb] authentication login local
# Configure the domain to use the RADIUS scheme rad for user privilege level switching authentication.
[SecPath-isp-bbb] authentication super radius-scheme rad
[SecPath-isp-bbb] quit
# Create a local Telnet user named test.
[SecPath] local-user test
[SecPath-luser-test] service-type telnet
[SecPath-luser-test] password simple aabbcc
# Configure the user level of the Telnet user to 0 after user login.
[SecPath-luser-test] authorization-attribute level 0
[SecPath-luser-test] quit
# Configure the password for local level switching authentication to 654321.
[SecPath] super password simple 654321
[SecPath] quit
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS