R21xx-HP FlexFabric 11900 Security Configuration Guide
43
To enable the session-control feature:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable the session-control
feature.
radius session-control enable
By default, the session-control
feature is disabled.
Setting the maximum number of concurrent login
users
Perform this task to set the maximum number of concurrent users who can log on to the device through FTP,
SSH, or Telnet, regardless of their authentication methods: no authentication, local authentication, or
remote authentication.
To set the maximum number of concurrent login users:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Set the maximum number of
concurrent login users.
aaa session-limit { ftp | ssh |
telnet } max-sessions
By default, the maximum number of
concurrent FTP, SSH, or Telnet
users is 16.
Displaying and maintaining AAA
Execute the display command in any view.
Task Command
Display the configuration of ISP domains. display domain [ isp-name ]
AAA for SSH users by an HWTACACS server
Network requirements
As shown in Figure 11, configure the switch to use the HWTACACS server for SSH user authentication,
authorization, and accounting, and to assign the default user role network-operator to SSH users after
they pass authentication.
Set the shared keys for secure HWTACACS communication to expert. Configure the switch to send
usernames without domain names to the HWTACACS server.