H3C Technologies H3C SecBlade LB Cards User Manual

[LB-ui-vty0-4] quit

# Use RADIUS authentication for user privilege level switching authentication and, if RADIUS
authentication is not available, use local authentication.

[LB] super authentication-mode scheme local

# Create RADIUS scheme rad.

[LB] radius scheme rad

# Specify the IP address of the primary authentication server as 10.1.1.1, and the port for
authentication as 1812.

[LB-radius-rad] primary authentication 10.1.1.1 1812

# Set the shared key for secure authentication communication to expert.

[LB-radius-rad] key authentication expert

# Specify the service type of the RADIUS server as standard.

[LB-radius-rad] server-type standard

# Remove domain names from the usernames sent to the RADIUS server.

[LB-radius-rad] user-name-format without-domain

[LB-radius-rad] quit

# Create ISP domain bbb.

[LB] domain bbb

# Configure the AAA methods for domain bbb as local authentication.

[LB-isp-bbb] authentication login local

# Configure the domain to use the RADIUS scheme rad for user privilege level switching
authentication.

[LB-isp-bbb] authentication super radius-scheme rad

[LB-isp-bbb] quit

# Create a local Telnet user named test.

[LB] local-user test

[LB-luser-test] service-type telnet

[LB-luser-test] password simple aabbcc

# Configure the user level of the Telnet user to 0 after user login.

[LB-luser-test] authorization-attribute level 0

[LB-luser-test] quit

# Configure the password for local level switching authentication to 654321.

[LB] super password simple 654321

[LB] quit

2. Configure the RADIUS server.
The RADIUS server in this example runs ACSv4.0.
Add the usernames and passwords for user privilege level switching authentication.

Table 13 Adding username and passwords for user privilege level switching authentication

Username    Password    Switching to level
$enab1$     pass1       1
$enab2$     pass2       2
$enab3$     pass3       3
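
An audit of the device-side commands above, added here as an example and not part of the H3C manual: it flags secrets entered in plaintext (`password simple`, `super password simple`, the RADIUS `key authentication` value), the Telnet service type, and the local fallback for level switching. The rule names and the `audit` function are hypothetical, and the sample input is constructed from the commands on this page.

```python
import re

# Constructed input: device-side commands copied from the example on this page.
SAMPLE_CONFIG = """\
[LB] super authentication-mode scheme local
[LB] radius scheme rad
[LB-radius-rad] key authentication expert
[LB-isp-bbb] authentication super radius-scheme rad
[LB] local-user test
[LB-luser-test] service-type telnet
[LB-luser-test] password simple aabbcc
[LB-luser-test] authorization-attribute level 0
[LB] super password simple 654321
"""

PROMPT = re.compile(r"^\[([^\]]+)\]\s*(.+)$")  # "[view] command"

# (rule id, pattern, redact last token?, finding). Hypothetical rule names;
# the rules cover only commands that appear in the example above.
RULES = [
    ("super-fallback", re.compile(r"super authentication-mode scheme local$"), False,
     "local super password is accepted when RADIUS is not available"),
    ("radius-key", re.compile(r"key authentication \S+"), True,
     "RADIUS shared key is written literally in the configuration"),
    ("telnet", re.compile(r"service-type\b.*\btelnet\b"), False,
     "Telnet carries the login and super passwords unencrypted"),
    ("local-plaintext", re.compile(r"password simple \S+"), True,
     "local user password entered as plaintext (simple)"),
    ("super-plaintext", re.compile(r"super password (level \d+ )?simple \S+"), True,
     "level-switching password entered as plaintext (simple)"),
]

def audit(config_text):
    """Return (line_no, view, rule_id, redacted_command, message) per finding."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        m = PROMPT.match(raw.strip())
        if not m:
            continue  # comment or blank line, not a CLI command
        view, cmd = m.groups()
        for rule_id, pattern, secret, message in RULES:
            if pattern.match(cmd):  # anchored at the start of the command
                shown = cmd.rsplit(" ", 1)[0] + " ***" if secret else cmd
                findings.append((line_no, view, rule_id, shown, message))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("line %d [%s] %s: %s  (%s)" % finding)
```

The report redacts each secret's value, so it can be attached to a ticket without repeating the credentials.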
