Configuration considerations, Configuration procedure – H3C Technologies H3C SecBlade LB Cards User Manual
Page 94
83
Figure 33 Network diagram
Configuration considerations
1.
Configure LB to use AAA, particularly, local authentication for Telnet users:
{
Create ISP domain bbb and configure it to use local authentication for Telnet users.
{
Create a local user account, configure the password, and assign the privilege level for the user
to enjoy after login.
2.
On LB, configure the authentication method for user privilege level switching:
{
Specify LB to use RADIUS authentication and, if RADIUS authentication is not available, use
local authentication for users switching from a lower level to a higher level.
{
Configure RADIUS scheme rad and assign an IP address to the RADIUS server. Set the shared
keys for secure RADIUS communication and specify that usernames sent to the RADIUS server
carry no domain name. Configure the domain to use RADIUS scheme rad for user privilege
level switching authentication.
{
Configure the password for local user privilege level switching authentication.
3.
On the RADIUS server, add the username and password for user privilege level switching
authentication.
Configuration procedure
1.
Configure LB:
# Configure the IP address of GigabitEthernet 0/1, through which the Telnet user accesses LB.
[LB] interface gigabitethernet 0/1
[LB-GigabitEthernet0/1] ip address 192.168.1.70 255.255.255.0
[LB-GigabitEthernet0/1] quit
# Configure the IP address of GigabitEthernet 0/2, through which LB communicates with the
server.
[LB] interface gigabitethernet 0/2
[LB-GigabitEthernet0/2] ip address 10.1.1.2 255.255.255.0
[LB-GigabitEthernet0/2] quit
# Enable LB to provide Telnet service.
[LB] telnet server enable
# Configure LB to use AAA for Telnet users.
[LB] user-interface vty 0 4
[LB-ui-vty0-4] authentication-mode scheme