Level Switching Authentication For Telnet Users By A Radius Server - HP 6600 Security Configuration Manual

Level switching authentication for Telnet users by a RADIUS
server
Network requirements
As shown in
Use local authentication for the Telnet user and assign the privilege level of 0 to the user when the
•
user passes authentication.
Use the RADIUS server for level switching authentication of the Telnet user. If the RADIUS server is
•
not available, use local authentication.
Figure 15 Network diagram
Configuration considerations
1. Configure the router to use AAA, particularly, local authentication for Telnet users:
Create ISP domain bbb and configure it to use local authentication for Telnet users.
Create a local user account, configure the password, and assign the privilege level for the user
to enjoy after login.
2. On the router, configure the authentication method for user privilege level switching:
Specify the router to use RADIUS authentication and, if RADIUS authentication is not available,
use local authentication for users switching from a lower level to a higher level.
Configure RADIUS scheme rad and assign an IP address to the RADIUS server. Set the shared
keys for secure RADIUS communication and specify that usernames sent to the RADIUS server
carry no domain name. Configure the domain to use RADIUS scheme rad for user privilege
level switching authentication.
Configure the password for local user privilege level switching authentication.
3. On the RADIUS server, add the username and password for user privilege level switching
authentication.
Configuration procedure
1. Configure the router:
# Configure the IP address of GigabitEthernet 3/0/1, through which the Telnet user accesses the
router.
<Router> system-view
[Router] interface gigabitethernet 3/0/1
[Router-GigabitEthernet3/0/1] ip address 192.168.1.70 255.255.255.0
Figure 15, configure the router to:
61