F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

Step 3. Configure password control attributes for the user group.
  Command:
    Set the password aging time:
      password-control aging aging-time
    Set the minimum password length:
      password-control length length
    Configure the password composition policy:
      password-control composition type-number type-number [ type-length type-length ]
  Remarks:
    Optional.
    By default, the user group uses global settings, including a 90-day password aging time, a minimum password length of 10 characters, and at least one password composition type and at least one character required for each password composition type.
    The password must contain at least 8 characters.
    In FIPS mode, the composition type-number must be 4.

Step 4. Configure authorization attributes for the user group.
  Command:
    authorization-attribute { acl acl-number | callback-number callback-number | idle-cut minute | level level | vlan vlan-id | work-directory directory-name } *
  Remarks:
    Optional.
    By default, no authorization attribute is configured for a user group.

Step 5. Set the guest attribute for the user group.
  Command:
    group-attribute allow-guest
  Remarks:
    Optional.
    By default, the guest attribute is not set for a user group, and guest users created by a guest manager through the Web interface cannot join the group.
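The following added example (not part of the HP guide) audits user-group password-control overrides against a baseline, applying the defaults listed in step 3 when a group sets nothing. The saved-configuration layout, the group names, and the baseline thresholds are assumptions, and the global settings are assumed to be left at the defaults the guide lists.

```python
import re

# Values the guide gives for a group that inherits the global settings.
DEFAULTS = {"aging": 90, "length": 10, "types": 1, "type_length": 1}

# Constructed sample; the saved-configuration layout is an assumption.
SAMPLE = """#
user-group ops
 password-control aging 30
 password-control length 14
 password-control composition type-number 4 type-length 2
#
user-group contractors
 password-control length 8
 password-control composition type-number 2
#
user-group helpdesk
 authorization-attribute idle-cut 10
#
"""

RULES = [  # (pattern, setting names filled from the captured numbers)
    (r"password-control aging (\d+)$", ("aging",)),
    (r"password-control length (\d+)$", ("length",)),
    (r"password-control composition type-number (\d+)(?: type-length (\d+))?$",
     ("types", "type_length")),
]

def parse_user_groups(config):
    """Return {group: effective settings}; unset values fall back to DEFAULTS."""
    groups, cur = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # top-level line: opens or closes a section
            m = re.match(r"user-group (\S+)$", line)
            cur = groups.setdefault(m.group(1), dict(DEFAULTS)) if m else None
        elif cur is not None:
            for pattern, names in RULES:
                if (m := re.match(pattern, line.strip())):
                    cur.update({n: int(v) for n, v in zip(names, m.groups()) if v})
    return groups

def audit(groups, min_length=10, max_aging=90, min_types=4):
    """Return (group, setting) pairs weaker than the baseline (thresholds assumed)."""
    checks = (("length", lambda s: s["length"] < min_length),
              ("aging", lambda s: s["aging"] > max_aging),
              ("types", lambda s: s["types"] < min_types))
    return [(g, k) for g, s in sorted(groups.items()) for k, bad in checks if bad(s)]
```

The default `min_types=4` mirrors the FIPS-mode requirement stated in step 3, so a group that simply inherits the default of one composition type is reported as well.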
Displaying and maintaining local users and local user groups

Task: Display local user information.
  Command:
    display local-user [ vd vd-name ] [ idle-cut { disable | enable } | service-type { dvpn | ftp | portal | ppp | ssh | telnet | terminal | web } | state { active | block } | user-name user-name | vlan vlan-id ] [ | { begin | exclude | include } regular-expression ]
  Remarks:
    Available in any view.
    Support for dvpn and portal keywords depends on the device model. For more information, see Access Control Command Reference.
    The ftp and telnet keywords are not available for FIPS mode.

Task: Display the user group configuration.
  Command:
    display user-group [ group-name ] [ | { begin | exclude | include } regular-expression ]
  Remarks:
    Available in any view.

Configuring RADIUS schemes
A RADIUS scheme specifies the RADIUS servers that the device can cooperate with and defines a set of
parameters that the device uses to exchange information with the RADIUS servers. There might be
authentication/authorization servers and accounting servers, or primary servers and secondary servers.
The parameters include the IP addresses of the servers, the shared keys, and the RADIUS server type.