Programmable Internetworking & Communication Operating System Docs ... Click Spaces -> Space Directory to see docs for all releases ...
PICOS-4.1.1_Configuration_Guide
Page tree
Skip to end of metadata
Go to start of metadata

Here is a sample configuration file on the AAA server.

key = pica8

Accounting File
accounting file = /var/tmp/acctfile
default authentication = file /etc/passwd 
user = admin {
member = admins
} 
group = admins {
global = cleartext "password"
service = exec {
default attribute = permit
}
}
user = operator {
global = cleartext "operator"
service = exec {
default attribute = permit
}
}
user = ychen {
global = cleartext "ychen"
member = admins
service = exec {
default attribute = permit
}
}
Add "/usr/share/freeradius/dictionary.pica8" to radius server before the configuration.

Radius server configuration: 
operator Cleartext-Password := "testing"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 172.16.3.33,
Framed-IP-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-Filter-Id = "std.ppp",
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP,
Class = "read-only" 
ychen Cleartext-Password := "testing"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 172.16.3.33,
Framed-IP-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-Filter-Id = "std.ppp",
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP,
Class = "super-user" 

Follow the configuration above, the admin or operator can access the switch via SSH.
Any valid CLI commands executed by the admin or operator will be recorded to the specified accounting file. In our example above, the accounting file is/var/tmp/acctfile.


  • No labels

Copyright © 2023 Pica8 Inc. All Rights Reserved.