Configuring a NAS-ID profile; Displaying and maintaining AAA; AAA configuration examples; AAA for SSH users by an HWTACACS server - HP FlexNetwork 10500 Series Security Configuration Manual

Step 2. Set the maximum number of concurrent login users.
  Command:
    In non-FIPS mode:
      aaa session-limit { ftp | http | https | ssh | telnet } max-sessions
    In FIPS mode:
      aaa session-limit { https | ssh } max-sessions
  Remarks: By default, the maximum number of concurrent login users is 32 for each user type.

Configuring a NAS-ID profile

By default, the device sends its device name in the NAS-Identifier attribute of all RADIUS requests.

A NAS-ID profile enables you to send different NAS-Identifier attribute strings in RADIUS requests from different VLANs. The strings can be organization names, service names, or any user categorization criteria, depending on the administrative requirements.

For example, map the NAS-ID companyA to all VLANs of company A. The device will send companyA in the NAS-Identifier attribute for the RADIUS server to identify requests from any Company A users.

You can apply a NAS-ID profile to portal- or port security-enabled interfaces. For more information, see "Configuring portal" and "Configuring port security."

A NAS-ID can be bound with more than one VLAN, but a VLAN can be bound with only one NAS-ID.

To configure a NAS-ID profile:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create a NAS-ID profile and enter NAS-ID profile view.
  Command: aaa nas-id profile profile-name
  Remarks: By default, no NAS-ID profile exists.

Step 3. Configure a NAS-ID and VLAN binding in the profile.
  Command: nas-id nas-identifier bind vlan vlan-id
  Remarks: By default, no NAS-ID and VLAN binding exists.

Displaying and maintaining AAA

Execute display commands in any view.

Task: Display the configuration of ISP domains.
  Command: display domain [ isp-name ]

AAA configuration examples

AAA for SSH users by an HWTACACS server

Network requirements

As shown in Figure 11, configure the switch to meet the following requirements:
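Added example for the "Configuring a NAS-ID profile" procedure on this page (not part of the HP manual): a pre-deployment check that parses planned `nas-id ... bind vlan ...` lines and flags any VLAN requested for more than one NAS-ID, since the RADIUS server would otherwise attribute that VLAN's users to the wrong organization. The profile name `tenants`, the NAS-IDs `companyB` and `guest`, the VLAN numbers, and the 1-4094 range check are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Syntax taken from the page: nas-id nas-identifier bind vlan vlan-id
BIND_RE = re.compile(r"^\s*nas-id\s+(\S+)\s+bind\s+vlan\s+(\d+)\s*$")

# Constructed sample of a planned change, not taken from a real device.
PLANNED = """\
system-view
aaa nas-id profile tenants
nas-id companyA bind vlan 10
nas-id companyA bind vlan 11
nas-id companyB bind vlan 20
nas-id companyB bind vlan 11
nas-id guest bind vlan 4095
"""

def audit_bindings(text):
    """Return (vlan -> NAS-ID map of clean bindings, list of problems)."""
    owners = defaultdict(list)          # vlan -> NAS-IDs requested, in order
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = BIND_RE.match(line)
        if not m:
            continue                    # not a binding line
        nas_id, vlan = m.group(1), int(m.group(2))
        # Assumption: the usable IEEE 802.1Q VLAN ID range, 1-4094.
        if not 1 <= vlan <= 4094:
            problems.append(f"line {lineno}: VLAN {vlan} out of range 1-4094")
            continue
        if nas_id not in owners[vlan]:
            owners[vlan].append(nas_id)
    for vlan, ids in sorted(owners.items()):
        if len(ids) > 1:                # page rule: only one NAS-ID per VLAN
            problems.append(
                f"VLAN {vlan} bound to multiple NAS-IDs: {', '.join(ids)}")
    clean = {v: ids[0] for v, ids in owners.items() if len(ids) == 1}
    return clean, problems

if __name__ == "__main__":
    mapping, issues = audit_bindings(PLANNED)
    for vlan, nas_id in sorted(mapping.items()):
        print(f"VLAN {vlan} -> NAS-Identifier {nas_id}")
    for issue in issues:
        print("PROBLEM:", issue)
```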
