R2511-HP MSR Router Series Security Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

Ste

Command

Remarks

3. Place the ISP domain to the

active or blocked state.

state { active | block }

Optional.

By default, an ISP domain is in active

state, and users in the domain can

request network services.

4. Specify the maximum

number of online users in the

ISP domain.

access-limit enable

max-user-number

Optional.

No limit is specified by default.

5. Configure the idle cut

function.

idle-cut enable minute [ flow ]

Optional.

Disabled by default.

This command is effective only on

LAN, portal, and PPP users.

6. Enable the self-service server

location function and specify

the URL of the self-service

server.

self-service-url enable url-string

Optional.

Disabled by default.

7. Define an IP address pool

for allocating addresses to

PPP users.

ip pool pool-number

low-ip-address [ high-ip-address ]

Optional.

By default, no IP address pool is

configured for PPP users.

8. Specify the default

authorization user profile.

authorization-attribute

user-profile profile-name

Optional.

By default, an ISP domain has no

default authorization user profile.

9. Set the device to include the

idle cut time in the user

online time to be uploaded

to the server.

session-time include-idle-time

Optional.

By default, the user online time

uploaded to the server excludes the

idle cut time.

Configuring authentication methods for an ISP domain

In AAA, authentication, authorization, and accounting are separate processes. Authentication refers to

the interactive authentication process of username/password/user information during an access or

service request. The authentication process neither sends authorization information to a supplicant nor

triggers any accounting.

AAA supports the following authentication methods:

• No authentication (none)—No authentication is performed. This method trusts all users and is not

for general use.

• Local authentication (local)—Authentication is performed by the NAS, which is configured with the

user information, including the usernames, passwords, and attributes. Local authentication allows

high speed and low cost, but the amount of information that can be stored is limited by the size of

the storage space.

• Remote authentication (scheme)—The NAS cooperates with a RADIUS or HWTACACS server to

authenticate users. Remote authentication provides centralized information management, high

capacity, high reliability, and support for centralized authentication service for multiple NASs. You

can configure local or no authentication as the backup method, which will be used when the remote

server is not available. The no authentication method can only be configured for LAN users as the

backup method of remote authentication.