Authentication/Authorization For Ssh/Telnet Users By A Radius Server - HP 6125G Configuration Manual

[Switch-radius-rd] quit
# Create a local user named hello.
[Switch] local-user hello
[Switch-luser-hello] service-type telnet
[Switch-luser-hello] password simple hello
[Switch-luser-hello] quit
# Configure the AAA methods for the ISP domain.
[Switch] domain bbb
[Switch-isp-bbb] authentication login local
[Switch-isp-bbb] authorization login hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting login radius-scheme rd
[Switch-isp-bbb] quit
Verify the configuration:
2.
Telnet to the switch as a user and enter the username hello@bbb and the correct password. You
pass authentication and log in to the switch. Issuing the display connection command on the switch,
you can see information about the user connection.
Authentication/authorization for SSH/Telnet users by a
RADIUS server
The configuration of authentication and authorization for SSH users is similar to that for Telnet users. The
following example describes the configuration for SSH users.
Network requirements
As shown in
authorization, and to include the domain name in a username sent to the RADIUS server.
Configure IMC to act as the RADIUS server, add an account with the username hello@bbb on the
RADIUS server, and configure the RADIUS server to assign the privilege level of 3 to the user after the
user passes authentication.
Set the shared keys for secure RADIUS communication to expert.
Figure 12 Network diagram
Configuring the RADIUS server
This example assumes that the RADIUS server runs on IMC PLAT 5.0 (E0101) and IMC UAM 5.0 (E0101).
Add the switch to IMC as an access device:
1.
Figure 12, configure the switch to use the RADIUS server for SSH user authentication and
48