AAA for FTP/Telnet Users
by the Device Itself
[Router-radius-rad] primary accounting 10.1.1.1 1813
[Router-radius-rad] key authentication expert
[Router-radius-rad] key accounting expert
[Router-radius-rad] server-type extended
[Router-radius-rad] user-name-format with-domain
[Router-radius-rad] quit
# Apply the AAA schemes to the domain. Here all the three schemes of
authentication, authorization, and accounting schemes are configured.
[Router] domain 1
[Router-isp-1] authentication login radius-scheme rad
[Router-isp-1] authorization login radius-scheme rad
[Router-isp-1] accounting login radius-scheme rad
[Router-isp-1] quit
# You can achieve the same purpose by setting default AAA schemes for all types
of users.
[Router] domain 1
[Router-isp-1] authentication default radius-scheme rad
[Router-isp-1] authorization default radius-scheme rad
[Router-isp-1] accounting default radius-scheme rad
n
Configuration of local authentication and authorization for FTP users is similar
■
to that for Telnet users. The following takes Telnet users as an example.
Currently, keeping accounts on FTP users is not supported.
■
Network requirements
As shown in
Figure
authorization, and accounting of Telnet users.
Network diagram
Figure 518 Configure local authentication/authorization/accounting for Telnet users
Telnet user
Configuration procedure
# Configure the IP addresses of various interfaces (omitted).
# Enable the Telnet server on the device.
<Router> system-view
[Router] telnet server enable
# Configure the router to use AAA for Telnet users.
AAA/RADIUS/HWTACACS Configuration Example
518, configure the router to perform local authentication,
Router
Internet
1783