R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
154
To do… Use the command…
Remarks
Specify to interpret the class
attribute as the CAR parameters
attribute 25 car
Required
Be default, RADIUS attribute 25 is not
interpreted as CAR parameters.
Displaying and maintaining RADIUS
To do… Use the command…
Remarks
Display the configuration information
of a specified RADIUS scheme or all
RADIUS schemes
display radius scheme
[ radius-scheme-name ]
Available in any view
Display statistics about RADIUS packets
display radius statistics Available in any view
Display information about buffered
stop-accounting requests that get no
responses
display stop-accounting-buffer
{ radius-scheme radius-server-name |
session-id session-id | time-range start-time
stop-time | user-name user-name }
Available in any view
Clear RADIUS statistics reset radius statistics Available in user view
Clear buffered stop-accounting
requests that get no responses
reset stop-accounting-buffer
{ radius-scheme radius-server-name |
session-id session-id | time-range start-time
stop-time | user-name user-name }
Available in user view
AAA configuration examples
AAA for Telnet/SSH users by a RADIUS server
NOTE:
Configuration of RADIUS authentication, authorization, and accounting for SSH users is similar to that for
Telnet users. The following takes Telnet users as an example.
Network requirements
As shown in Figure 115 ,
• Configure an IMC server to act as the RADIUS server to provide authentication, authorization, and
accounting services for Telnet users. The IP address of the RADIUS server is 10.1.1.1/24.
• Set the shared keys for authentication, authorization, and accounting packets exchanged between
the LB module and the RADIUS server to expert and specify the ports for
authentication/authorization and accounting as 1812 and 1813 respectively.
• Specify that a username sent to the RADIUS server carries the domain name.
• Add an account on the RADIUS server, with the username being hello@bbb. The Telnet user uses
the username and the configured password to log in to the card and will be authorized with the
privilege level of 3 after successful login.