R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101
125
No. Sub-attribute Descri
p
tion
140 User_Group
User groups assigned after the SSL VPN user passes authentication. A user
may belong to more than one user group. In this case, the user groups are
delimited by semi-colons. This attribute is used for cooperation with the SSL
VPN device.
141 Security_Level Security level assigned after the SSL VPN user passes security authentication
201 Input-Interval-Octets Bytes input within a real-time accounting interval
202 Output-Interval-Octets Bytes output within a real-time accounting interval
203 Input-Interval-Packets Packets input within an accounting interval, in the unit set on the device
204 Output-Interval-Packets Packets output within an accounting interval, in the unit set on the device
205
Input-Interval-Gigaword
s
Result of bytes input within an accounting interval divided by 4G bytes
206
Output-Interval-Gigawo
rds
Result of bytes output within an accounting interval divided by 4G bytes
207 Backup-NAS-IP Backup source IP address for sending RADIUS packets
255 Product_ID Product name
AAA configuration considerations and task list
To configure AAA, you must complete these tasks on the NAS:
1. Configure the required AAA schemes.
• Local authentication—Configure local users and the related attributes, including the usernames and
passwords of the users to be authenticated.
• Remote authentication—Configure the required RADIUS and HWTACACS. You must configure user
attributes on the servers accordingly.
2. Configure AAA methods for the users’ ISP domains.
• Authentication method—No authentication (none), local authentication (local), or remote
authentication (scheme)
• Authorization method—No authorization (none), local authorization (local), or remote
authorization (scheme)
• Accounting method—No accounting (none), local accounting (local), or remote accounting
(scheme)
Figure 88 illu
strates the configuration procedure.