R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101

Step 2. Create a user group and enter user group view.
  Command: user-group group-name
  Remarks: N/A

Step 3. Configure password control attributes for the user group.
  Command:
    Set the password aging time:
      password-control aging aging-time
    Set the minimum password length:
      password-control length length
    Configure the password composition policy:
      password-control composition type-number type-number [ type-length type-length ]
  Remarks: Optional.
    By default, the global settings apply, including a 90-day password aging time, a minimum password length of 10 characters, and at least one password composition type and at least one character required for each password composition type.
    The minimum password length is 8 characters.
    In FIPS mode, the value of the type-number argument must be 4.

Step 4. Configure the authorization attributes for the user group.
  Command: authorization-attribute { acl acl-number | callback-number callback-number | idle-cut minute | level level | user-profile profile-name | vlan vlan-id | work-directory directory-name } *
  Remarks: Optional.
    By default, no authorization attribute is configured for a user group.

Step 5. Set the guest attribute for the user group.
  Command: group-attribute allow-guest
  Remarks: Optional.
    By default, the guest attribute is not set for a user group, and guest users created by a guest manager through the web interface cannot join the group.
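
The following added example (not from the guide or the vendor) checks the user-group sections of a saved configuration for password-control overrides weaker than the global defaults stated in the table above, for the FIPS-mode type-number requirement, and for groups that allow guest users. The configuration excerpt is constructed, and its layout (sections separated by "#", attributes indented under the user-group line) and the finding names are assumptions.

```python
import re

GLOBAL_AGING_DAYS = 90  # global default aging time stated in the guide
GLOBAL_MIN_LENGTH = 10  # global default minimum length stated in the guide
FIPS_TYPE_NUMBER = 4    # type-number value the guide requires in FIPS mode
# Constructed excerpt; the "#"-separated, indented layout is an assumption.
SAMPLE_CONFIG = """\
user-group system
 group-attribute allow-guest
#
user-group ops
 password-control aging 180
 password-control length 8
 password-control composition type-number 2 type-length 1
#
user-group admins
 password-control composition type-number 4 type-length 2
#
local-user alice
 group ops
"""

def parse_user_groups(text):  # {group name: attribute lines under it}
    groups, current = {}, None
    for line in text.splitlines():
        header = re.match(r"user-group (\S+)\s*$", line)
        if header:
            current = groups.setdefault(header.group(1), [])
        elif line[:1].isspace() and current is not None:
            current.append(line.strip())
        else:
            current = None  # separator or a different top-level section
    return groups

def audit(text, fips_mode=False):  # [(group, finding)] needing review
    findings = []
    for name, lines in parse_user_groups(text).items():
        for line in lines:
            m = re.match(r"password-control (aging|length|composition type-number) (\d+)", line)
            kind, value = (m.group(1), int(m.group(2))) if m else (line, 0)
            if kind == "aging" and value > GLOBAL_AGING_DAYS:
                findings.append((name, "aging-longer-than-global"))
            elif kind == "length" and value < GLOBAL_MIN_LENGTH:
                findings.append((name, "length-shorter-than-global"))
            elif kind.startswith("composition") and fips_mode and value != FIPS_TYPE_NUMBER:
                findings.append((name, "fips-type-number-not-4"))
            elif kind == "group-attribute allow-guest":
                findings.append((name, "guest-users-allowed"))
    return findings
```

A group with no password-control lines inherits the global settings, so the check reports only explicit overrides.
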
Displaying and maintaining local users and local user groups
Task: Display local user information.
  Command: display local-user [ idle-cut { disable | enable } | service-type { dvpn | ftp | lan-access | portal | ppp | ssh | telnet | terminal | web } | state { active | block } | user-name user-name | vlan vlan-id ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.
    In FIPS mode, the firewall does not support ftp and telnet keywords.

Task: Display the user group configuration information.
  Command: display user-group [ group-name ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.

Configuring RADIUS schemes in the web interface
A RADIUS scheme defines a set of parameters that the firewall uses to exchange information with the
RADIUS servers. There might be authentication servers and accounting servers, or primary servers and
secondary servers. The parameters mainly include the IP addresses of the servers, the shared keys, and
the RADIUS server type. By default, no RADIUS scheme exists.