R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide
53
Ste
p
Command
Remarks
11. Specify the accounting
method for SSL VPN users.
accounting ssl-vpn radius-scheme
radius-scheme-name
Optional.
The default accounting method
is used by default.
Tearing down user connections
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Tear down AAA user
connections.
cut connection { access-type { dot1x |
mac-authentication | portal } | all | domain isp-name
| interface interface-type interface-number | ip
ip-address | mac mac-address | ucibindex ucib-index
| user-name user-name } [ slot slot-number ]
The command
applies only to LAN,
portal, and PPP user
connections.
Configuring a NAS ID-VLAN binding
The access locations of users can be identified by their access VLANs. In application scenarios where
identifying the access locations of users is a must, configure NAS ID-VLAN bindings on the device. Then,
when a user gets online, the device obtains the NAS ID by the access VLAN of the user and sends the
NAS ID to the RADIUS server through the NAS-identifier attribute.
To configure a NAS ID-VLAN binding:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a NAS ID profile and
enter NAS ID profile view.
aaa nas-id profile profile-name
You can apply a NAS ID profile to
an interface enabled with portal.
See "Configuring portal."
3. Configure a NAS ID-VLAN
binding.
nas-id nas-identifier bind vlan
vlan-id
By default, no NAS ID-VLAN
binding exists.
Specifying the device ID used in stateful failover
mode
The following matrix shows the feature and router compatibility:
Feature 6602 HSR6602 6604/6608/6616
Specifying the device ID used in stateful
failover mode
Yes No No