Displaying and maintaining aaa, Aaa configuration examples, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

216

Step Command

Remarks

2.

Create a NAS ID profile and

enter NAS ID profile view.

aaa nas-id profile profile-name

You can apply a NAS ID profile to
an interface enabled with portal.
See "Configuring portal."

3.

Configure a NAS ID-VLAN
binding.

nas-id nas-identifier bind vlan
vlan-id

By default, no NAS ID-VLAN
binding exists.

Displaying and maintaining AAA

Task Command

Remarks

Display the configuration
information of ISP domains.

display domain [ isp-name ] [ | { begin |
exclude | include } regular-expression ]

Available in any view

Display information about user
connections.

display connection [ access-type portal |
domain isp-name | interface interface-type

interface-number | ip ip-address | mac
mac-address | ucibindex ucib-index |

user-name user-name | vlan vlan-id ] [ | { begin

| exclude | include } regular-expression ]

Available in any view

AAA configuration examples

Authentication and authorization for Telnet and SSH users by a
RADIUS server

The RADIUS authentication and authorization configuration for SSH users is similar to that for Telnet users.

This example describes the configuration for Telnet users.

Network requirements

As shown in

Figure 157

, configure SecPath to use the RADIUS server to provide authentication and

authorization services for Telnet users and add an account with the username hello@bbb on the RADIUS

server, so that the Telnet user can log in to SecPath and is authorized with the privilege level 3 after login.
Set the shared keys for secure RADIUS communication to expert, and set the ports for
authentication/authorization and accounting to 1812 and 1813, respectively. Configure SecPath to

include the domain name in the username sent to the RADIUS server.