
Authentication and authorization for SSH users by a RADIUS server
Network requirements
As shown in Figure 13, configure the switch to meet the following requirements:
• Use the RADIUS server for SSH user authentication and authorization.
• Include domain names in the usernames sent to the RADIUS server.
• Assign the default user role network-operator to SSH users after they pass authentication.
The RADIUS server runs on IMC. Add an account with the username hello@bbb on the RADIUS server.
The RADIUS server and the switch use expert as the shared key for secure RADIUS communication. The ports for authentication and accounting are 1812 and 1813, respectively.
Figure 13 Network diagram
Configuration procedure
1. Configure the RADIUS server on IMC 5.0:
NOTE:
In this example, the RADIUS server runs on IMC PLAT 5.0 (E0101) and IMC UAM 5.0 (E0101).
# Add the switch to the IMC Platform as an access device.
Log in to IMC, click the Service tab, and select User Access Manager > Access Device Management > Access Device from the navigation tree. Then, click Add to configure an access device as follows:
a. Set the shared key for secure RADIUS communication to expert.
b. Set the ports for authentication and accounting to 1812 and 1813, respectively.
c. Select the service type Device Management Service.
d. Select the access device type HP(Comware).
e. Select the access device from the device list or manually add the access device (with the IP address 10.1.1.2).
f. Leave the default settings for other parameters and click OK.
The IP address of the access device specified here must be the same as the source IP address of the RADIUS packets sent from the switch. The source IP address is chosen in the following order on the switch:
○ IP address specified by the nas-ip command.
○ IP address specified by the radius nas-ip command.
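Why the access device address and the shared key must both match, as an added Python sketch (not part of the original manual and not IMC or switch code): a RADIUS server selects the shared key by the source IP address of the request (RFC 2865), so a request from an unregistered address is discarded, and a key mismatch garbles the hidden password. The password, the second address 10.1.1.3, the key expert2 and all function names are constructed for illustration.

```python
import hashlib
import ipaddress

# Constructed client table mirroring the access-device entry above:
# source IP of the switch -> shared key.
CLIENTS = {ipaddress.ip_address("10.1.1.2"): b"expert"}


def _xor_blocks(data: bytes, secret: bytes, authenticator: bytes, hiding: bool) -> bytes:
    """RFC 2865 section 5.2 chaining: each 16-byte block is XORed with
    MD5(secret + previous ciphertext block); the first uses the authenticator."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], mask))
        out += block
        prev = block if hiding else data[i:i + 16]
    return out


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the switch (NAS) puts in the User-Password attribute."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    return _xor_blocks(padded, secret, authenticator, hiding=True)


def server_decision(src_ip: str, hidden: bytes, authenticator: bytes,
                    stored_password: bytes) -> str:
    """Server side: pick the key by packet source IP, then check the password."""
    secret = CLIENTS.get(ipaddress.ip_address(src_ip))
    if secret is None:
        return "discard"  # no key for this source address: silently dropped
    clear = _xor_blocks(hidden, secret, authenticator, hiding=False).rstrip(b"\x00")
    return "accept" if clear == stored_password else "reject"


if __name__ == "__main__":
    auth = bytes(range(16))          # constructed Request Authenticator
    pw = b"constructed-password-1"   # constructed, longer than one block
    print(server_decision("10.1.1.2", hide_password(pw, b"expert", auth), auth, pw))
    print(server_decision("10.1.1.3", hide_password(pw, b"expert", auth), auth, pw))
    print(server_decision("10.1.1.2", hide_password(pw, b"expert2", auth), auth, pw))
```

A request that is discarded produces no reply at all, so on the switch it looks like a server timeout rather than a rejected login.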