| Step | Command | Remarks |
|---|---|---|
| 6. Specify the accounting method for login users. | accounting login { hwtacacs-scheme hwtacacs-scheme-name [ radius-scheme radius-scheme-name ] [ local ] [ none ] \| local [ none ] \| none \| radius-scheme radius-scheme-name [ hwtacacs-scheme hwtacacs-scheme-name ] [ local ] [ none ] } | By default, the default accounting method is used for login users. The none keyword is not supported in FIPS mode. |

Enabling the session-control feature

A RADIUS server running on IMC can send a dynamic authorization change request or a disconnect request by using a session-control packet. This task enables the device to receive RADIUS session-control packets on UDP port 1812.

To enable the session-control feature:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable the session-control feature. | radius session-control enable | By default, the session-control feature is disabled. |

Displaying and maintaining AAA

Execute the display command in any view.

| Task | Command |
|---|---|
| Display the configuration of ISP domains. | display domain [ isp-name ] |

AAA configuration examples

Unless otherwise noted, devices in the configuration examples are operating in non-FIPS mode.

AAA for SSH users by an HWTACACS server

Network requirements

As shown in Figure 11, configure the switch to use the HWTACACS server for SSH user authentication, authorization, and accounting.

Set the shared keys for secure HWTACACS communication to expert. Configure the switch to send usernames without domain names to the HWTACACS server.

Configure the switch to assign the default user role network-operator to SSH users after they pass authentication.
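The following is an added example, not part of the original guide. For the accounting login syntax and the radius session-control enable command documented on this page, this Python check reads a saved configuration as text, validates each accounting login method chain against that syntax, and reports chains that end in none and whether session-control is enabled. The domain and scheme names in the sample are hypothetical, and treating later methods in a chain as backups for earlier ones is an assumption.

```python
import re

# Method chains accepted by "accounting login", transcribed from the syntax on this page.
CHAIN = re.compile(
    r"hwtacacs-scheme \S+( radius-scheme \S+)?( local)?( none)?"
    r"|radius-scheme \S+( hwtacacs-scheme \S+)?( local)?( none)?"
    r"|local( none)?|none")

def methods(rest):
    """Ordered method keywords of a validated chain, skipping scheme names."""
    toks, out, i = rest.split(), [], 0
    while i < len(toks):
        out.append(toks[i])
        i += 2 if toks[i].endswith("-scheme") else 1
    return out

def audit(config, fips_mode=False):
    """Return (domain, finding) pairs for a configuration given as text."""
    findings, domain = [], None
    for raw in config.splitlines():
        line = " ".join(raw.split())
        if not raw[:1].isspace():  # top-level line: any ISP domain view has ended
            tok = line.split()
            domain = tok[1] if len(tok) == 2 and tok[0] == "domain" else None
        if line == "radius session-control enable":
            findings.append((None, "session-control enabled: device receives "
                                   "RADIUS session-control packets on UDP port 1812"))
        elif line.startswith("accounting login "):
            rest = line[len("accounting login "):]
            m = methods(rest) if CHAIN.fullmatch(rest) else None
            if m is None:
                findings.append((domain, "chain not allowed by the syntax: " + rest))
            elif m[-1] == "none" and fips_mode:
                findings.append((domain, "none is not supported in FIPS mode"))
            elif m == ["none"]:
                findings.append((domain, "login sessions are not accounted"))
            elif m[-1] == "none":  # assumption: later methods back up earlier ones
                findings.append((domain, "falls back to no accounting after " + ", ".join(m[:-1])))
    return findings

# Constructed sample; the domain and scheme names are hypothetical.
SAMPLE = """\
radius session-control enable
domain bbb
 accounting login hwtacacs-scheme hwtac local none
domain lab
 accounting login none
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Call audit with fips_mode=True for a device operating in FIPS mode, where every chain that contains none is reported as unsupported.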