R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101

Step: 3. Configure a NAS ID-VLAN binding.
Command: nas-id nas-identifier bind vlan vlan-id
Remarks: By default, no NAS ID-VLAN binding exists.

Displaying and maintaining AAA

Task: Display the configuration information of ISP domains.
Command: display domain [ isp-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about user connections.
Command: display connection [ access-type { dot1x | mac-authentication | portal } | domain isp-name | interface interface-type interface-number | ip ip-address | mac mac-address | ucibindex ucib-index | user-name user-name | vlan vlan-id ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

AAA configuration examples
Authentication and authorization for Telnet and SSH users by a RADIUS server
The RADIUS authentication and authorization configuration for SSH users is similar to that for Telnet users.
This example describes the configuration for Telnet users.
Network requirements
As shown in Figure 155, configure Firewall to use the RADIUS server to provide authentication and authorization services for Telnet users, and add an account with the username hello@bbb on the RADIUS server, so that the Telnet user can log in to Firewall and is authorized with privilege level 3 after login.
Set the shared keys for secure RADIUS communication to expert, and set the ports for authentication/authorization and accounting to 1812 and 1813, respectively. Configure Firewall to include the domain name in the username sent to the RADIUS server.
Figure 155 Network diagram
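
The following added example (not part of the HP guide) shows what the shared key does in this setup: in an Access-Request sent to port 1812, the User-Password attribute is hidden with an MD5 keystream derived from the shared key and the Request Authenticator (RFC 2865, section 5.2), so the server recovers the password only if it holds the same key. The password value and function names are constructed for illustration; hello@bbb and expert come from the requirements above.

```python
import hashlib
import os
import struct

ACCESS_REQUEST, USER_NAME, USER_PASSWORD = 1, 1, 2  # RFC 2865 packet code / attribute types

def _keystream(secret, prev):
    return hashlib.md5(secret + prev).digest()  # 16 bytes per block

def hide_password(password, secret, authenticator):
    """NAS side: pad to a 16-byte multiple, XOR each block with MD5(secret + previous)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _keystream(secret, prev)))
        out += prev
    return out

def reveal_password(hidden, secret, authenticator):
    """Server side: the same keystream, chained on the received ciphertext blocks."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _keystream(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def build_access_request(ident, user, password, secret, authenticator=None):
    auth = os.urandom(16) if authenticator is None else authenticator
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in (
        (USER_NAME, user), (USER_PASSWORD, hide_password(password, secret, auth))))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def parse_access_request(packet):
    """Return (request authenticator, {attribute type: value}); reject bad lengths."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length != len(packet) or length < 20:
        raise ValueError("bad packet length")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return packet[4:20], attrs

if __name__ == "__main__":
    pkt = build_access_request(1, b"hello@bbb", b"constructed-sample-pw", b"expert")
    auth, attrs = parse_access_request(pkt)
    print(attrs[USER_NAME], reveal_password(attrs[USER_PASSWORD], b"expert", auth))
```

The username travels in clear text with its domain suffix; only the password field depends on the shared key, which is why the key must match on Firewall and on the RADIUS server.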