F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

201

202

203

204

205

206

207

208

209

210

200

No. Sub-attribute Descri

tion

60 Ip_Host_Addr

User IP address and MAC address carried in authentication and

accounting requests, in the format A.B.C.D hh:hh:hh:hh:hh:hh. A space is

required between the IP address and the MAC address.

61 User_Notify Information that must be sent from the server to the client transparently.

62 User_HeartBeat

Hash value assigned after an 802.1X user passes authentication, which is

a 32-byte string. This attribute is stored in the user list on the NAS and is

used for verifying the handshake messages from the 802.1X user. This

attribute only exists in Access-Accept and Accounting-Request packets.

140 User_Group

User groups assigned after the SSL VPN user passes authentication. A user

may belong to more than one user group. In this case, the user groups are

delimited by semi-colons. This attribute is used for cooperation with the SSL

VPN device.

141 Security_Level

Security level assigned after the SSL VPN user passes security

authentication.

201 Input-Interval-Octets Number of bytes input within a real-time accounting interval.

202 Output-Interval-Octets Number of bytes output within a real-time accounting interval.

203 Input-Interval-Packets

Number of packets input within an accounting interval, in the unit set on

the NAS.

204 Output-Interval-Packets

Number of packets output within an accounting interval, in the unit set on

the NAS.

205 Input-Interval-Gigawords Amount of bytes input within an accounting interval, in units of 4G bytes.

206 Output-Interval-Gigawords Amount of bytes output within an accounting interval, in units of 4G bytes.

207 Backup-NAS-IP Backup source IP address for sending RADIUS packets.

255 Product_ID Product name.

78B

Configuring AAA at the CLI

To configure AAA on the NAS at the CLI:

1. Configure the required AAA schemes.

{ Local authentication—Configure local users and the related attributes, including the usernames

and passwords for the users to be authenticated.

{ Remote authentication—Configure the required RADIUS and HWTACACS schemes. You must

configure user attributes on the servers accordingly.

2. Configure AAA methods for the ISP domain.

{ Authentication method—No authentication (none), local authentication (local), or remote

authentication (scheme)

{ Authorization method—No authorization (none), local authorization (local), or remote

authorization (scheme)

{ Accounting method—No accounting (none), local accounting (local), or remote accounting

(scheme)

See

706HFigure 144 for the configuration procedure.