HP VPN Firewall Appliances Access Control Command Reference
Parameters
server-name: Specifies a name for the portal server, a case-sensitive string of 1 to 32 characters.
ip ipv4-address: Specifies the IPv4 address of the portal server. If you specify the local portal server, the
IP address specified must be that of a Layer 3 interface on the device and must be reachable from the
portal clients.
key: Specifies a shared key for communication with the portal server. Portal packets exchanged between
the access device and the portal server carry an authenticator, which is generated with the shared key.
The receiver uses the authenticator to check the correctness of the received portal packets.
cipher: Sets a ciphertext shared key.
simple: Sets a plaintext shared key.
key-string: Specifies the shared key. This argument is case sensitive. If simple is specified, it must be a
string of 1 to 16 characters. If cipher is specified, it must be a ciphertext string of 1 to 53 characters. If
neither simple nor cipher is specified, you set a plaintext shared key.
port port-id: Specifies the destination port number used when the device sends an unsolicited message
to the portal server, in the range of 1 to 65534. The default is 50100.
url url-string: Specifies the uniform resource locator (URL) to which HTTP packets are to be redirected. The
default URL is in the http://ip-address format, where ip-address is the IP address of the portal server. You
can also specify the domain name of the portal server, in which case you must use the portal
vpn-instance vpn-instance-name: Specifies the VPN to which the portal server belongs. The
vpn-instance-name argument specifies a VPN instance name, which is a case-sensitive string of 1 to 31
characters. If the portal server is on the public network, do not specify this option.
Usage guidelines
If the specified portal server exists and no user is on the interfaces referencing the portal server, using the
undo portal server server-name command removes the specified portal server, and if keyword port or url
is also provided, the command restores the destination port number or URL address to the default.
The configured portal server and its parameters can be removed or modified only when the portal server
is not referenced by an interface. To remove or modify the settings of a portal server that has been
referenced by an interface, you must first remove the portal configuration on the interface by using the
undo portal command.
For local portal server configuration, the keywords key, port, and url are usually not required and, if
configured, do not take effect.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text.
Examples
# Configure portal server pts, setting the IP address to 192.168.0.111, the plaintext key to portal, and the
redirection URL to http://192.168.0.111/portal.
<Sysname> system-view
[Sysname] portal server pts ip 192.168.0.111 key simple portal url http://192.168.0.111/portal
Related commands
display portal server
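
The following Python check is an added example, not part of the HP manual: it applies the limits documented in the Parameters section to a portal server command line taken from a saved configuration. The function name audit_portal_server and the MIN_SIMPLE_LEN threshold are assumptions (a local policy floor, not a device limit).

```python
import ipaddress
import re

# Limits from the parameter descriptions above.
NAME_MAX, SIMPLE_MAX, CIPHER_MAX, VPN_MAX = 32, 16, 53, 31
DEFAULT_PORT = 50100
MIN_SIMPLE_LEN = 12  # assumption: local policy floor, not a documented limit

def audit_portal_server(line):
    """Check one 'portal server' command line; return (settings, findings)."""
    tok = line.split()
    if tok[:2] != ["portal", "server"] or len(tok) < 3:
        raise ValueError("not a portal server command")
    cfg = {"name": tok[2], "port": DEFAULT_PORT, "key_mode": None}
    findings = []
    if len(cfg["name"]) > NAME_MAX:
        findings.append("server-name: must be 1 to 32 characters")
    args = iter(tok[3:])
    for kw in args:
        val = next(args, "")
        if kw == "key":
            # With neither keyword present, the key is treated as plaintext.
            mode = val if val in ("simple", "cipher") else "simple"
            key = next(args, "") if val in ("simple", "cipher") else val
            limit = CIPHER_MAX if mode == "cipher" else SIMPLE_MAX
            cfg["key_mode"] = mode
            if not 1 <= len(key) <= limit:
                findings.append(f"key: {mode} key must be 1 to {limit} characters")
            elif mode == "simple" and len(key) < MIN_SIMPLE_LEN:
                findings.append(f"key: plaintext key shorter than {MIN_SIMPLE_LEN} characters")
        elif kw == "port":
            if re.fullmatch(r"[0-9]{1,5}", val) and 1 <= int(val) <= 65534:
                cfg["port"] = int(val)
            else:
                findings.append("port: must be in the range 1 to 65534")
        elif kw == "ip":
            try:
                cfg["ip"] = str(ipaddress.IPv4Address(val))
            except ValueError:
                findings.append(f"ip: {val!r} is not an IPv4 address")
        elif kw == "vpn-instance":
            if not 1 <= len(val) <= VPN_MAX:
                findings.append("vpn-instance: name must be 1 to 31 characters")
        elif kw == "url":
            cfg["url"] = val
        else:
            findings.append(f"{kw}: keyword not described in this section")
    return cfg, findings

# The page's own example, then a constructed line that breaks three limits.
PAGE_EXAMPLE = "portal server pts ip 192.168.0.111 key simple portal url http://192.168.0.111/portal"
CONSTRUCTED_BAD = "portal server pts2 ip 192.168.0.300 key simple " + "k" * 17 + " port 70000"
```

Run against the page's example, the only finding is the six-character plaintext key; the destination port falls back to the documented default of 50100 because no port keyword is given.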