Figure 23 shows the scenario for this configuration example.
Figure 23: FTP Configuration Example
In this example, two FTP lines are required for administrators on the data center subnet, and two more lines are required for users on the POP subnet. The system verifies passwords of administrators on the data center subnet through either a RADIUS server or through simple line authentication if the RADIUS server is unreachable. However, the system verifies passwords of users on the POP subnet only through the RADIUS server.
The following example shows all steps for configuring this scenario, from specifying a RADIUS server to enabling the FTP line:
- host1(config)#radius authentication server
10.6.131.51
- host1(config-radius)#key abc123
- host1(config-radius)#udp-port 1645
- host1(config)#access-list DataCenter permit
10.6.128.0 255.255.128.0
- host1(config)#access-list DataCenter deny
any
- host1(config)#access-list Pops permit 199.125.128.0
255.255.128.0
- host1(config)#access-list Pops deny any
- host1(config)#aaa new-model
- host1(config)#aaa authentication login RadiusAndLine
radius line
- host1(config)#aaa authentication login RadiusOnly
radius
- host1(config)#line vty 0 1
- host1(config-line)#password foobar
- host1(config-line)#access-class DataCenter
in
- host1(config-line)#login authentication RadiusAndLine
- host1(config)#line vty 2 4
- host1(config-line)#password foobar
- host1(config-line)#access-class Pops in
- host1(config-line)#login authentication RadiusOnly
- host1(config)#ftp-server enable
 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |