R3303-HP HSR6800 Routers Security Configuration Guide
54
Task Command
Remarks
Display information about
user connections (in IRF
mode).
display connection [ access-type { dot1x |
mac-authentication | portal } | domain isp-name | interface
interface-type interface-number | ip ip-address | mac
mac-address | ucibindex ucib-index | user-name user-name ]
[ chassis chassis-number slot slot-number ] [ | { begin |
exclude | include } regular-expression ]
Available in
any view.
AAA configuration examples
RADIUS authentication/authorization for Telnet/SSH users
The configuration of RADIUS authentication and authorization for SSH users is similar to that for Telnet
users. This example describes the configuration for Telnet users.
Network requirements
As shown in Figure 10, configure the router to use the RADIUS server for Telnet user authentication and
authorization and add an account with the username hello@bbb on the RADIUS server, so the Telnet user
can log in to the router and is authorized with the privilege level 3 after login.
Set the shared key for secure RADIUS communication to expert, and set the ports for
authentication/authorization to 1812, respectively. Configure the router to include the domain name in
the usernames sent to the RADIUS server.
Figure 10 Network diagram
Configuring the RADIUS server
This section assumes that the RADIUS server runs on IMC PLAT 5.1 SP1 (E0202P05) and IMC UAM 5.1
(E0301).
1. Add the router to the IMC Platform as an access device:
a. Log in to IMC, click the Service tab, and select User Access Manager > Access Device
Management > Access Device from the navigation tree.
b. Click Add to configure an access device as follows:
Set the shared key for secure authentication and accounting communication to expert.
Set the ports for authentication to 1812, respectively.
Select the service type Device Management Service.