F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
232
Hardware Portal user accountin
g
method com
p
atible
F1000-A-EI/F1000-S-EI Yes
F1000-E Yes
F5000 No
Firewall module Yes
U200-A Yes
U200-S Yes
Hardware SSL VPN user accountin
g
method com
p
atible
F1000-A-EI/F1000-S-EI Yes
F1000-E Yes
F5000 No
Firewall module No
U200-A Yes
U200-S Yes
233BTearing down user connections
Ste
p
Command
Remarks
1. Enter system view. system-view N/A
2. Tear down AAA user
connections.
cut connection { access-type portal |
all | domain isp-name | interface
interface-type interface-number | ip
ip-address | mac mac-address |
ucibindex ucib-index | user-name
user-name | vlan vlan-id }
The command applies to portal
and PPP user connections.
Support for the portal keyword
depends on the device model. For
more information, see Access
Control Command Reference.
234BConfiguring a NAS ID-VLAN binding
The access locations of users can be identified by their access VLANs. In application scenarios where
identifying the access locations of users is a must, configure NAS ID-VLAN bindings on the device. Then,
when a user gets online, the device obtains the NAS ID by the access VLAN of the user and sends the
NAS ID to the RADIUS server through the NAS-identifier attribute.
To configure a NAS ID-VLAN binding:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a NAS ID profile and
enter NAS ID profile view.
aaa nas-id profile profile-name
You can apply a NAS ID profile to an
interface enabled with portal. For
more information, see "Configuring
portal authentication."