Authentication/Authorization For Ssh/Telnet Users By A Radius Server - HP A5830 Series Configuration Manual


[Switch-radius-rd] user-name-format without-domain
[Switch-radius-rd] quit
# Create a local user named hello.
[Switch] local-user hello
[Switch-luser-hello] service-type telnet
[Switch-luser-hello] password simple hello
[Switch-luser-hello] quit
# Configure the AAA methods for the ISP domain.
[Switch] domain bbb
[Switch-isp-bbb] authentication login local
[Switch-isp-bbb] authorization login hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting login radius-scheme rd
[Switch-isp-bbb] quit
2. Verify the configuration.
Telnet to the switch as a user, and enter the username hello@bbb and the correct password. You pass
authentication and log in to the switch. By issuing the display connection command on the switch, you
can see information about the user connection.
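As an added example (not part of the HP manual), the Python script below reads the command transcript shown above and reports which method each ISP domain uses for login authentication, authorization and accounting. It also flags local users configured with `password simple` or with Telnet as a service type. The names `audit`, `TRANSCRIPT` and `PROMPT` are hypothetical; the sample input is the set of command lines from this page.

```python
import re

# Command lines copied from the example on this page.
TRANSCRIPT = """\
[Switch-radius-rd] user-name-format without-domain
[Switch-radius-rd] quit
[Switch] local-user hello
[Switch-luser-hello] service-type telnet
[Switch-luser-hello] password simple hello
[Switch-luser-hello] quit
[Switch] domain bbb
[Switch-isp-bbb] authentication login local
[Switch-isp-bbb] authorization login hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting login radius-scheme rd
[Switch-isp-bbb] quit
"""

PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s+(?P<cmd>.+)$")

def audit(transcript):
    """Return (domains, findings) parsed from a Comware-style transcript."""
    domains, findings = {}, []
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # skip "# ..." comment lines and blank lines
        view, words = m["view"], m["cmd"].split()
        if "-isp-" in view and len(words) >= 3 and words[1] == "login":
            # e.g. "authorization login hwtacacs-scheme hwtac"
            domain = view.split("-isp-", 1)[1]
            domains.setdefault(domain, {})[words[0]] = " ".join(words[2:])
        elif "-luser-" in view:
            user = view.split("-luser-", 1)[1]
            if words[:2] == ["password", "simple"]:
                findings.append((user, "plaintext password (password simple)"))
            elif words[0] == "service-type" and "telnet" in words[1:]:
                findings.append((user, "Telnet login carries credentials unencrypted"))
    return domains, findings

if __name__ == "__main__":
    domains, findings = audit(TRANSCRIPT)
    for name, methods in domains.items():
        for service in ("authentication", "authorization", "accounting"):
            print(f"domain {name}: {service} login -> {methods.get(service, 'not set')}")
    for user, issue in findings:
        print(f"local-user {user}: {issue}")
```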
Authentication/authorization for SSH/Telnet users by a RADIUS server
The configuration of authentication and authorization for SSH users is similar to that for Telnet users. The
following uses SSH users as an example.
Network requirements
See Figure 12. Complete the following tasks:
Configure an iMC server to act as the RADIUS server.
Configure the switch to use the RADIUS server for SSH user authentication and authorization.
Set the shared keys for packet exchange with the RADIUS server to expert, and configure the
switch to include the domain names in usernames to be sent to the RADIUS server.
Add an account on the RADIUS server, with the username hello@bbb. The SSH user uses the
username and the configured password to log in to the switch and is authorized with the privilege
level of 3 after login.
Figure 12 Configure authentication/authorization for SSH users by a RADIUS server
[Network diagram: SSH user, Internet, Switch (VLAN-int2 192.168.1.70/24; VLAN-int3 10.1.1.2/24), RADIUS server (10.1.1.1/24)]