Manualshelf

R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
221222223224225226227228229230
214
Step Command Remarks
6. Specify the accounting
method for DVPN users.
accounting dvpn { local | none |
radius-scheme radius-scheme-name
[ local | none ] }
Optional.
The default accounting method is
used by default.
7. Specify the accounting
method for login users.
accounting login { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local
| none | radius-scheme
radius-scheme-name [ local ] }
Optional.
The default accounting method is
used by default.
8. Specify the accounting
method for portal users.
accounting portal { local | none |
radius-scheme radius-scheme-name
[ local ] }
Optional.
The default accounting method is
used by default.
9. Specify the accounting
method for PPP users.
accounting ppp { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local
| none | radius-scheme
radius-scheme-name [ local ] }
Optional.
The default accounting method is
used by default.
10. Specify the accounting
method for SSL VPN users.
accounting ssl-vpn radius-scheme
radius-scheme-name
Optional.
The default accounting method is
used by default.
Forcibly tearing down user connections
To tear down user connections:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Forcibly tear down AAA user
connections.
cut connection { access-type { dot1x |
mac-authentication | portal } | all | domain
isp-name | interface interface-type
interface-number | ip ip-address | mac
mac-address | ucibindex ucib-index | user-name
user-name | vlan vlan-id }
This command
applies only to portal
and PPP user
connections.
Configuring a NAS ID-VLAN binding
The access locations of users can be identified by their access VLANs. In application scenarios where it
is required to identify the access locations of users, configure NAS ID-VLAN bindings on the access
device. Then, when a user gets online, the access device obtains the NAS ID by the access VLAN of the
user and sends the NAS ID to the RADIUS server through the NAS-identifier attribute.
To configure a NAS ID-VLAN binding:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a NAS ID profile and
enter NAS ID profile view.
aaa nas-id profile profile-name
You can apply a NAS ID profile to
an interface enabled with portal.
See " Configuring portal."