HP VPN Firewall Appliances Access Control Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

161

162

163

164

165

166

167

168

169

170

160

Ste

Command

Remarks

2. Set the maximum number of

online portal users.

portal max-user

max-number

The default maximum number of online portal

users varies with device models. For more

information, see the command reference.

Specifying a portal authentication domain

After you specify an authentication domain for portal users on an interface, the device uses the

authentication domain for AAA of all portal users on the interface, ignoring the domain names carried

in the usernames. This allows you to specify different authentication domains for different interfaces as

needed.

To specify the authentication domain for IPv4 portal users on an interface:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter interface view.

interface interface-type

interface-number

N/A

3. Specify an authentication

domain for IPv4 portal users

on the interface.

portal domain domain-name

By default, no authentication domain is

specified for portal users.

The device selects the authentication domain for a portal user on an interface in this order: the

authentication domain specified for the interface, the authentication domain carried in the username,

and the system default authentication domain. For information about the default authentication domain,

see "Configuring AAA."

Configuring RADIUS related attributes

Specifying NAS-Port-Type for an interface

NAS-Port-Type is a standard RADIUS attribute for indicating a user access port type. With this attribute

specified on an interface, when a portal user logs on from the interface, the device uses the specified

NAS-Port-Type value as that in the RADIUS request to be sent to the RADIUS server. If NAS-Port-Type is not

specified, the device uses the access port type obtained.

If there are multiple network devices between the Broadband Access Server (the portal authentication

access device) and a portal client, the BAS might not be able to obtain a user's correct access port

information. For example, for a wireless client using portal authentication, the access port type obtained

by the BAS might be the type of the wired port that authenticates the user. To make sure that the BAS

delivers the right access port information to the RADIUS server, specify the NAS-Port-Type according to

the practical access environment.

To specify the NAS-Port-Type value for an interface:

Ste

Command

Remarks

1. Enter system view.

system-view N/A