HP 5120 SI Series Security Configuration Manual page 60

Set both the shared keys for packets exchanged with the RADIUS server to expert; and specify that
•
a username sent to the RADIUS server carries the domain name. The RADIUS server provides
different user services according to the domain names.
• Add an account on the RADIUS server, with the username being hello@bbb. The SSH user uses the
username and the configured password to log in to the switch and is authorized with the privilege
level of 3 after login.
Figure 11 Configure authentication/authorization for SSH users by a RADIUS server
Configuration procedure
1. Configure the RADIUS server (iMC PLAT 5.0)
NOTE:
This example assumes that the RADIUS server runs iMC PLAT 5.0 (E0101) and iMC UAM 5.0 (E0101).
# Add an access device.
Log in to the iMC management platform, select the Service tab, and select User Access Manager >
Access Device from the navigation tree to enter the Access Device page. Then, click Add to enter the Add
Access Device window and perform the following configurations as shown in
Set the shared key for authentication and accounting to expert
•
Specify the ports for authentication and accounting as 1812 and 1813 respectively
•
Select Device Management Service as the service type
•
Select HP as the access device type
•
• Select the access device from the device list or manually add the device with the IP address of
10.1.1.2
Click OK to finish the operation
•
NOTE:
The IP address of the access device specified above must be the same as the source IP address of the
RADIUS packets sent from the device, which is the IP address of the outbound interface by default, or
otherwise the IP address specified with the nas-ip or radius nas-ip command on the device.
48
Figure 12.