
HP A 5120 Manual


Page 51

- Local accounting (local)—Local accounting is implemented on the access device. It is for counting and controlling the number of concurrent users who use the same local user account; it does not provide statistics for charging. The maximum number of concurrent users using the same local user account is set by the access-limit command in local user view.
- Remote accounting (scheme)—The access device cooperates with a RADIUS server or HWTACACS server for...

Page 52

NOTE:
- With the accounting optional command configured, a user that would be otherwise disconnected can still use the network resources even when no accounting server is available or communication with the current accounting server fails.
- The local accounting method is not used to implement accounting, but to work together with the access-limit command, which is configured in local user view, to limit the number of local user connections. However, with the accounting optional command...

Page 53

To do…                                                     Use the command…                                             Remarks
Enter system view                                          system-view                                                  —
Create a RADIUS user and enter RADIUS server user view     radius-server user user-name                                 Required. No RADIUS user exists by default.
Configure a password for the RADIUS user                   password [ cipher | simple ] password                        Optional. By default, no password is specified.
Configure the authorization attribute for the RADIUS user  authorization-attribute { acl acl-number | vlan vlan-id } *  Optional. Not configured by default.
Configure the...

Page 54

Displaying and maintaining AAA

To do…                                                Use the command…                                                                    Remarks
Display the configuration information of ISP domains  display domain [ isp-name ] [ | { begin | exclude | include } regular-expression ]  Available in any view
Display information about user connections            display connection [ access-type { dot1x | mac-authentication | portal } | domain isp-name | interface interface-type interface-number | ip ip-address | mac mac-address | ucibindex ucib-index | user-name user-name | vlan...

Page 55

# Specify the primary authentication server. 
[Switch-hwtacacs-hwtac] primary authentication 10.1.1.1 49 
# Specify the primary authorization server. 
[Switch-hwtacacs-hwtac] primary authorization 10.1.1.1 49 
# Specify the primary accounting server. 
[Switch-hwtacacs-hwtac] primary accounting 10.1.1.1 49 
# Set the shared key for authentication, authorization, and accounting packets to expert. 
[Switch-hwtacacs-hwtac] key authentication expert 
[Switch-hwtacacs-hwtac] key authorization expert...

Page 56

Figure 11 Configure AAA by separate servers for Telnet users

Configuration procedure
# Configure the IP addresses of various interfaces (omitted).
# Enable the Telnet server on the switch.
<Switch> system-view
[Switch] telnet server enable 
# Configure the switch to use AAA for Telnet users. 
[Switch] user-interface vty 0 4 
[Switch-ui-vty0-4] authentication-mode scheme 
[Switch-ui-vty0-4] quit 
# Configure the HWTACACS scheme. 
[Switch] hwtacacs scheme hwtac 
[Switch-hwtacacs-hwtac] primary...

Page 57

Or 
[Switch] domain bbb 
[Switch-isp-bbb] authentication default local 
[Switch-isp-bbb] authorization default hwtacacs-scheme hwtac 
[Switch-isp-bbb] accounting default radius-scheme rd 
When telnetting to the switch, a user enters username telnet@bbb for authentication using domain bbb.

Authentication/Authorization for SSH/Telnet users by a RADIUS server

NOTE:
The configuration of authentication and authorization for SSH users is similar to that for Telnet users. The following takes SSH...

Page 58

- Specify the ports for authentication and accounting as 1812 and 1813 respectively
- Select Device Management Service as the service type
- Select HP(A-Series) as the access device type
- Select the access device from the device list or manually add the device with the IP address of 10.1.1.2
- Click OK to finish the operation

NOTE:
The IP address of the access device specified above must be the same as the source IP address of the RADIUS packets sent from the device,...

Page 59

Figure 14 Add an account for device management

2. Configure the switch
# Configure the IP address of VLAN interface 2, through which the SSH user accesses the switch.
<Switch> system-view
[Switch] interface vlan-interface 2 
[Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 
[Switch-Vlan-interface2] quit 
# Configure the IP address of VLAN-interface 3, through which the switch accesses the server.
[Switch] interface vlan-interface 3 
[Switch-Vlan-interface3] ip address 10.1.1.2...

Page 60

[Switch] radius scheme rad 
# Specify the primary authentication server. 
[Switch-radius-rad] primary authentication 10.1.1.1 1812 
# Set the shared key for authentication packets to expert. 
[Switch-radius-rad] key authentication expert 
# Configure the scheme to include the domain names in usernames to be sent to the RADIUS server. 
[Switch-radius-rad] user-name-format with-domain 
# Specify the service type for the RADIUS server, which must be extended when the RADIUS server runs...