Table of Contents
Advertisement
[Router-radius-rad] quit
# Create an ISP domain named bbb and configure authentication, authorization, and
accounting methods for login users. Because RADIUS user authorization information is
piggybacked in authentication responses, the authentication and authorization methods must
use the same RADIUS scheme.
[Router] domain bbb
[Router-isp-bbb] authentication login radius-scheme rad
[Router-isp-bbb] authorization login radius-scheme rad
[Router-isp-bbb] accounting login none
[Router-isp-bbb] quit
Verifying the configuration
# Initiate an SSH connection to the router, and enter username hello@bbb and the correct
password. The user logs in to the router. (Details not shown.)
# Verify that the user can use the commands permitted by the network-operator user role. (Details
not shown.)
Example: Configuring local authentication and authorization
for SSH users
Network configuration
As shown in
•
Perform local authentication and authorization for SSH users.
•
Assign the network-admin user role to SSH users after they pass authentication.
Figure 15 Network diagram
Procedure
# Configure IP addresses for interfaces. (Details not shown.)
# Create local RSA and DSA key pairs.
<Router> system-view
[Router] public-key local create rsa
[Router] public-key local create dsa
# Enable the SSH service.
[Router] ssh server enable
# Enable scheme authentication for user lines VTY 0 through VTY 63.
[Router] line vty 0 63
[Router-line-vty0-63] authentication-mode scheme
[Router-line-vty0-63] quit
# Create a device management user.
[Router] local-user ssh class manage
# Assign the SSH service to the local user.
[Router-luser-manage-ssh] service-type ssh
Figure
15, configure the router to meet the following requirements:
71
Advertisement
Table of Contents
Troubleshooting
