R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

141

142

143

144

145

146

147

148

149

150

136

• IP address pool for allocating addresses to PPP users. The LB module assigns IP addresses in this

pool to PPP users in the domain.

• Default authorization user profile. If a user passes authentication but is authorized with no user

profile, the LB module authorizes the default user profile of the ISP domain to the user and restricts

the user’s behavior based on the profile.

Follow these steps to configure ISP domain attributes:

To do… Use the command…

Remarks

Enter system view system-view —

Enter ISP domain view domain isp-name —

Place the ISP domain to the state of

active or blocked

state { active | block }

Optional

When created, an ISP domain is in the

active state by default, and users in the

domain can request network services.

Specify the maximum number of

active users in the ISP domain

access-limit enable

max-user-number

Optional

No limit by default

Configure the idle cut function

idle-cut enable minute

flow

Optional

Disabled by default

Currently, this command is effective only for

LAN users.

Configure the self-service server

location function

self-service-url enable

url-string

Optional

Disabled by default

Specify the default authorization

user profile

authorization-attribute

user-profile profile-name

Optional

By default, an ISP domain has no default

authorization user profile.

NOTE:

self-service RADIUS server, for example, Intelligent Management Center (IMC), is required for the

self-service server location function to work. With the self-service function, users can mana

e and control

their accounting information or card numbers. A server with self-service software is a self-service server.

Configuring AAA authentication methods for an ISP domain

In AAA, authentication, authorization, and accounting are separate processes. Authentication refers to

the interactive authentication process of username/password/user information during an access or

service request. The authentication process neither sends authorization information to a supplicant nor

triggers any accounting.

AAA supports the following authentication methods:

• No authentication (none): All users are trusted and no authentication is performed. Generally, do

not use this method.

• Local authentication (local)—Authentication is performed by the LB module, which is configured

with the user information, including the usernames, passwords, and attributes. Local authentication

allows high speed and low cost, but the amount of information that can be stored is limited by the

hardware.