Radius Authentication And Authorization For Telnet Users By A Network Device - HPE FlexNetwork MSR Series Comware 5 Security Configuration Manual

RADIUS authentication and authorization for Telnet users by
a network device
The following matrix shows the feature and hardware compatibility:
Hardware
MSR900
MSR93X
MSR20-1X
MSR20
MSR30
MSR50
MSR1000
Network requirements
As shown in
authorization on port 1645.
Configure Router A to use the RADIUS server for Telnet user authentication and authorization, and
to remove the domain name in a username sent to the server.
Set the shared keys for secure communication between the NAS and the RADIUS server to abc.
Figure 32 Network diagram
Telnet user
192.168.1.2
Configuration procedure
1. Configure an IP address for each interface as shown in
2. Configure the NAS:
# Enable the Telnet server on Router A.
<RouterA> system-view
[RouterA] telnet server enable
# Configure Router A to use AAA for Telnet users.
[RouterA] user-interface vty 0 4
[RouterA-ui-vty0-4] authentication-mode scheme
[RouterA-ui-vty0-4] quit
# Create RADIUS scheme rad.
[RouterA] radius scheme rad
# Specify the IP address of the primary authentication server as 10.1.1.2, the port for
authentication as 1645, and the shared key for secure authentication communication as abc.
[RouterA-radius-rad] primary authentication 10.1.1.2 1645 key abc
# Remove domain names from the usernames sent to the RADIUS server.
[RouterA-radius-rad] user-name-format without-domain
Figure 32, configure Router B as the RADIUS server to provide user authentication and
NAS
Eth1/1
192.168.1.1/24
Router A
Feature compatibility
No
No
Yes
Yes
Yes
No
Yes
RADIUS server
Eth1/2
Eth1/1
10.1.1.1/24
10.1.1.2/24
74
Router B
Figure 32. (Details not shown.)