R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101

NOTE:
The access device selects the authentication domain for a portal user on an interface in this order: the
authentication domain specified for the interface, the authentication domain carried in the username, and
the system default authentication domain.
Specifying the NAS ID value carried in a RADIUS request
If you specify the NAS ID value to be carried in a RADIUS request on an interface, when a portal user
logs in from the interface, the firewall sends a RADIUS request that carries the specified NAS ID to the
RADIUS server.
Follow these steps to specify the NAS ID value carried in a RADIUS request:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter interface view | interface interface-type interface-number | |
| Specify the NAS ID value | portal nas-id nas-identifier | Required. By default, the device name configured by the sysname command is used as the NAS ID. |
Specifying a NAS ID profile for an interface
In some networks, users’ access points are identified by their access VLANs. Network carriers need to
use NAS-identifier to identify user access points. With a NAS ID profile specified on an interface, when
a user logs in from the interface, the access device checks the specified profile to obtain the NAS ID that
is bound with the access VLAN. The value of this NAS ID is used as that of the NAS-identifier attribute in
the RADIUS packets to be sent to the RADIUS server.
A NAS ID profile defines the binding relationship between VLANs and NAS IDs. A NAS ID-VLAN
binding is defined by the nas-id id-value bind vlan vlan-id command.
If no NAS-ID profile is specified for an interface or no matching binding is found in the specified profile:
- If a NAS ID is configured using the portal nas-id command, the firewall uses the configured NAS ID as that of the interface.
- If the interface does not support NAS ID configuration or has no NAS ID configured, the firewall uses the device name as the interface NAS ID.
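The fallback order above can be modeled to find access VLANs whose RADIUS requests would carry a NAS ID other than the one bound in a profile, which matters when RADIUS server policy is keyed on the NAS-identifier attribute. This is an added example, not part of the HP guide or the firewall software; the Interface class, the function names, and the sysname, NAS ID and VLAN values are hypothetical.

```python
# Added illustration: models the NAS ID selection order described in this section.
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass
class Interface:
    name: str
    # Value set with "portal nas-id"; None if unset or unsupported on the interface.
    portal_nas_id: Optional[str] = None
    # VLAN -> NAS ID bindings of the profile specified on the interface
    # ("nas-id id-value bind vlan vlan-id"); None if no profile is specified.
    profile: Optional[Dict[int, str]] = None


def resolve_nas_id(intf: Interface, vlan: int, sysname: str) -> Tuple[str, str]:
    """Return (NAS-identifier value, source) for a user logging in on `vlan`."""
    if intf.profile is not None and vlan in intf.profile:
        return intf.profile[vlan], "profile"       # matching binding found
    if intf.portal_nas_id:
        return intf.portal_nas_id, "portal nas-id"  # interface-level NAS ID
    return sysname, "sysname"                       # device name as last resort


def audit_fallbacks(intf: Interface, vlans: Iterable[int],
                    sysname: str) -> List[Tuple[int, str, str]]:
    """List access VLANs whose NAS ID does not come from a profile binding."""
    findings = []
    for vlan in vlans:
        nas_id, source = resolve_nas_id(intf, vlan, sysname)
        if source != "profile":
            findings.append((vlan, nas_id, source))
    return findings


# Constructed sample data (hypothetical device name, NAS IDs and VLANs).
SYSNAME = "FW-CORE"
GE0_1 = Interface("GigabitEthernet0/1", portal_nas_id="branch-default",
                  profile={10: "floor1", 20: "floor2"})
GE0_2 = Interface("GigabitEthernet0/2", profile={10: "floor1"})

if __name__ == "__main__":
    for intf in (GE0_1, GE0_2):
        for vlan, nas_id, source in audit_fallbacks(intf, [10, 20, 30], SYSNAME):
            print(f"{intf.name} vlan {vlan}: NAS ID {nas_id!r} via {source}")
```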
Follow these steps to configure a NAS ID profile on an interface:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Create a NAS ID profile and enter NAS ID profile view | aaa nas-id profile profile-name | Required |
| Bind a NAS ID with a VLAN | nas-id nas-identifier bind vlan vlan-id | Required |