Security
ExtremeWare XOS 11.3 Concepts Guide
328
Complete the following two steps to limit the maximum concurrent login sessions under the same user
account:
1 Configure Radius and Radius-Accounting on the switch.
The Radius and Radius-Accounting servers used for this feature must reside on the same physical
Radius server. Standard Radius and Radius-Accounting configuration is required as described earlier
in this chapter.
2 Modify the Funk SBR ‘vendor.ini’ file and user accounts.
To configure the Funk SBR server, the file ‘vendor.ini’ must be modified to change the Extreme
Networks configuration value of ‘ignore-ports’ to yes as shown in the example below:
vendor-product = Extreme Networks
dictionary = Extreme
ignore-ports = yes
port-number-usage = per-port-type
help-id = 2000
After modifying the ‘vendor.ini’ file, the desired user accounts must be configured for the Max-
Concurrent connections. Using the SBR Administrator application, enable the check box for ‘Max-
Concurrent connections’ and fill in the desired number of maximum sessions.
RADIUS Server Configuration Example (Merit)
Many implementations of RADIUS server use the publicly available Merit
©
AAA server application. To
get a copy, search for the server on the website at:
www.merit.edu
Included below are excerpts from relevant portions of a sample Merit RADIUS server implementation.
The example shows excerpts from the client and user configuration files. The client configuration file
(
ClientCfg.txt) defines the authorized source machine, source name, and access level. The user
configuration file (
users) defines username, password, and service type information.
ClientCfg.txt
#Client Name Key [type] [version] [prefix]
#---------------- --------------- -------------- --------- --------
#10.1.2.3:256 test type = nas v2 pfx
#pm1 %^$%#*(&!(*&)+ type=nas pm1.
#pm2 :-):-(;^):-}! type nas pm2.
#merit.edu/homeless hmoemreilte.ses
#homeless testing type proxy v1
#xyz.merit.edu moretesting type=Ascend:NAS v1
#anyoldthing:1234 whoknows? type=NAS+RAD_RFC+ACCT_RFC
10.202.1.3 andrew-linux type=nas
10.203.1.41 eric type=nas
10.203.1.42 eric type=nas
10.0.52.14 samf type=nas
users
user Password = ""
Filter-Id = "unlim"
admin Password = "", Service-Type = Administrative
Filter-Id = "unlim"
eric Password = "", Service-Type = Administrative