F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

171

172

173

174

175

176

177

178

179

180

164

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter interface view.

interface interface-type

interface-number

N/A

3. Specify an authentication

domain for portal users on the

interface.

portal domain domain-name

By default, no authentication domain is

specified for portal users.

The device selects the authentication domain for a portal user on an interface in this order: the

authentication domain specified for the interface, the authentication domain carried in the username,

and the system default authentication domain. For information about the default authentication domain,

see "Configuring AAA."

69B

Configuring RADIUS related attributes

208BSpecifying NAS-Port-Type for an interface

NAS-Port-Type is a standard RADIUS attribute for indicating a user access port type. With this attribute

specified on an interface, when a portal user logs on from the interface, the device uses the specified

NAS-Port-Type value as that in the RADIUS request to be sent to the RADIUS server. If NAS-Port-Type is not

specified, the device uses the access port type obtained.

If there are multiple network devices between the Broadband Access Server (the portal authentication

access device) and a portal client, the BAS may not be able to obtain a user's correct access port

information. For example, for a wireless client using portal authentication, the access port type obtained

by the BAS may be the type of the wired port that authenticates the user. To make sure that the BAS

delivers the right access port information to the RADIUS server, specify the NAS-Port-Type according to

the practical access environment.

To specify the NAS-Port-Type value for an interface:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter interface view.

interface interface-type

interface-number

N/A

3. Specify the NAS-Port-Type

value for the interface.

portal nas-port-type { ethernet |

wireless }

Not configured by default.

209BSpecifying the NAS-Port-ID for an interface

If the device uses a RADIUS server for authentication, authorization, and accounting of portal users,

when a portal user logs on from an interface, the device sends a RADIUS request that carries the

NAS-Port-ID attribute to the RADIUS server. The portal server configuration determines the usage of the

NAS-Port-ID attribute.

To specify the NAS-Port-ID value carried in a RADIUS request sent from an interface: