Aaa Configuration Examples - HPE FlexNetwork MSR Series Configuration Manual

Task
Display the configuration of ISP domains.

AAA configuration examples

Authentication and authorization for SSH users by a RADIUS
server
Network requirements
As shown in
•
Use the RADIUS server for SSH user authentication and authorization.
•
Include domain names in the usernames sent to the RADIUS server.
•
Assign the default user role network-operator to SSH users after they pass authentication.
The RADIUS server runs on IMC. Add an account with username hello@bbb on the RADIUS
server.
The RADIUS server and the router use expert as the shared key for secure RADIUS
communication. The ports for authentication and accounting are 1812 and 1813, respectively.
Figure 12 Network diagram
SSH user
192.168.1.58/24
Configuration procedure
1. Configure the RADIUS server on IMC 5.0:
NOTE:
In this example, the RADIUS server runs on IMC PLAT 5.0 (E0101) and IMC UAM 5.0 (E0101).
# Add the router to the IMC Platform as an access device.
Log in to IMC, click the Service tab, and select User Access Manager > Access Device
Management > Access Device from the navigation tree. Then, click Add to configure an
access device as follows:
a. Set the shared key for secure RADIUS communication to expert.
b. Set the ports for authentication and accounting to 1812 and 1813, respectively.
c. Select Device Management Service from the Service Type list.
d. Select HP(Comware) from the Access Device Type list.
Figure 12, configure the router to meet the following requirements:
RADIUS server
10.1.1.1/24
GE1/0/2
10.1.1.2/24
GE1/0/1
192.168.1.70/24
Router
Command
display domain [ isp-name ]
Internet
59