Manualshelf

R3303-HP HSR6800 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution
61626364656667686970
53
Ste
p
Command
Remarks
2. Tear down AAA user
connections.
In standalone mode:
cut connection { access-type { dot1x |
mac-authentication | portal } | all | domain
isp-name | interface interface-type
interface-number | ip ip-address | mac
mac-address | ucibindex ucib-index | user-name
user-name } [ slot slot-number ]
In IRF mode:
cut connection { access-type { dot1x |
mac-authentication | portal } | all | domain
isp-name | interface interface-type
interface-number | ip ip-address | mac
mac-address | ucibindex ucib-index | user-name
user-name } [ chassis chassis-number slot
slot-number ]
The command
applies only to LAN,
portal, and PPP user
connections.
Configuring a NAS ID-VLAN binding
The access locations of users can be identified by their access VLANs. In application scenarios where
identifying the access locations of users is a must, configure NAS ID-VLAN bindings on the device. Then,
when a user gets online, the device obtains the NAS ID by the access VLAN of the user and sends the
NAS ID to the RADIUS server through the NAS-identifier attribute.
To configure a NAS ID-VLAN binding:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a NAS ID profile and
enter NAS ID profile view.
aaa nas-id profile profile-name
You can apply a NAS ID profile to
an interface enabled with portal.
See "Configuring portal."
3. Configure a NAS ID-VLAN
binding.
nas-id nas-identifier bind vlan
vlan-id
By default, no NAS ID-VLAN
binding exists.
Displaying and maintaining AAA
Task Command
Remarks
Display the configuration of
ISP domains.
display domain [ isp-name ] [ | { begin | exclude | include }
regular-expression ]
Available in
any view.
Display information about
user connections (in
standalone mode).
display connection [ access-type { dot1x |
mac-authentication | portal } | domain isp-name | interface
interface-type interface-number | ip ip-address | mac
mac-address | ucibindex ucib-index | user-name user-name ]
[ slot slot-number ] [ | { begin | exclude | include }
regular-expression ]
Available in
any view.