F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
233
Ste
p
Command
Remarks
3. Configure a NAS ID-VLAN
binding.
nas-id nas-identifier bind vlan
vlan-id
By default, no NAS ID-VLAN binding
exists.
235BDisplaying and maintaining AAA
Task Command
Remarks
Display the configuration of
ISP domains.
display domain [ isp-name ] [ | { begin | exclude |
include } regular-expression ]
Available in any view.
Display information about
user connections.
display connection [ access-type portal | domain
isp-name | interface interface-type interface-number |
ip ip-address | mac mac-address | ucibindex
ucib-index | user-name user-name | vlan vlan-id ] [ |
{ begin | exclude | include } regular-expression ]
Available in any view.
236BAuthentication/authorization for Telnet/SSH users by a
RADIUS server
The configuration of RADIUS authentication and authorization for SSH users is similar to that for Telnet
users. This example describes the configuration for Telnet users.
462BNetwork requirements
As shown in 757HFigure 145, configure the firewall to use the RADIUS server for Telnet user authentication and
authorization and add an account with the username hello@bbb on the RADIUS server, so the Telnet
user can log in to the firewall and is authorized with the privilege level 3 after login.
Set the shared key for secure RADIUS communication to expert, and set the ports for
authentication/authorization and accounting to 1812 and 1813, respectively. Configure the firewall to
include the domain name in the usernames sent to the RADIUS server.
Figure 145 Network diagram
463BConfiguring the RADIUS server
For more information about RADIUS server configuration, see the configuration manual provided with
the RADIUS server.