R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

151

152

153

154

155

156

157

158

159

160

144

To do… Use the command…

Remarks

Configure the authorization

attributes for the user group

authorization-attribute { acl acl-number |

callback-number

callback-number | idle-cut minute | level

level | user-profile profile-name | vlan

vlan-id | work-directory directory-name } *

Optional

By default, no authorization

attribute is configured for a

user group.

Tearing down user connections

Follow these steps to tear down user connections:

To do… Use the command…

Remarks

Enter system view system-view —

Tear down AAA user

connections forcibly

cut connection { all | domain isp-name | interface

interface-type interface-number | ip ip-address |

mac mac-address | ucibindex ucib-index |

user-name user-name | vlan vlan-id }

Required

Applicable to only LAN

access at present.

Configuring a NAS ID-VLAN binding

The access locations of users can be identified by their access VLANs. In application scenarios where it

is required to identify the access locations of users, configure NAS ID-VLAN bindings on the LB module.

Then, when a user gets online, the LB module obtains the NAS ID by the access VLAN of the user and

sends the NAS ID to the RADIUS server through the NAS-identifier attribute.

Follow these steps to configure a NAS ID-VLAN binding:

To do… Use the command…

Remarks

Enter system view system-view —

Create a NAS ID profile and

enter NAS ID profile view

aaa nas-id profile profile-name Required

Configure a NAS ID-VLAN

binding

nas-id nas-identifier bind vlan

vlan-id

Required

By default, no NAS ID-VLAN binding exists.

Displaying and maintaining AAA

To do… Use the command…

Remarks

Display the configuration information of

a specified ISP domain or all ISP

domains

display domain [ isp-name ] Available in any view

Display information about specified or

all user connections

display connection [ domain isp-name |

interface interface-type interface-number

| ip ip-address | mac mac-address |

ucibindex ucib-index | user-name

user-name | vlan vlan-id ]

Available in any view

Display information about specified or

all local users

display local-user [ service-type { ftp |

ssh | telnet | terminal } | state { active |

block } | user-name user-name ]

Available in any view