R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide
54
Two devices working in stateful failover mode for portal services are uniquely identified by their device
IDs. A device ID can only be 1 or 2. For more information about the stateful failover mode for portal
services, see "Configuring portal."
The device ID must be used for stateful failover mode. Do not configure any device ID for a device
working in stand-alone mode.
Configuring or changing the device ID of a device will log out all online users of the device. HP
recommends that you save the configuration and reboot the device after configuring or changing the
device ID.
To specify the device ID used in stateful failover mode:
Ste
p
Command
Remarks
1. Enter system view.
system-view
N/A
2. Specify the device ID used
in stateful failover mode.
nas device-id device-id
By default, a device works in standalone
mode and has no device ID.
Displaying and maintaining AAA
Task Command
Remarks
Display the configuration of
ISP domains.
display domain [ isp-name ] [ | { begin | exclude | include }
regular-expression ]
Available in
any view.
Display information about
user connections.
display connection [ access-type { dot1x |
mac-authentication | portal } | domain isp-name | interface
interface-type interface-number | ip ip-address | mac
mac-address | ucibindex ucib-index | user-name user-name ]
[ slot slot-number ] [ | { begin | exclude | include }
regular-expression ]
Available in
any view.
AAA configuration examples
RADIUS authentication/authorization for Telnet/SSH users
The configuration of RADIUS authentication and authorization for SSH users is similar to that for Telnet
users. This example describes the configuration for Telnet users.
Network requirements
As shown in Figure 10, configure the router to use the RADIUS server for Telnet user authentication and
authorization and add an account with the username hello@bbb on the RADIUS server, so the Telnet user
can log in to the router and is authorized with the privilege level 3 after login.
Set the shared key for secure RADIUS communication to expert, and set the ports for
authentication/authorization to 1812, respectively. Configure the router to include the domain name in
the usernames sent to the RADIUS server.