HP VPN Firewall Appliances Access Control Configuration Guide
197
No. Sub-attribute Descri
p
tion
140 User_Group
User groups assigned after the SSL VPN user passes authentication. A user
might belong to more than one user group. In this case, the user groups are
delimited by semi-colons. This attribute is used for cooperation with the SSL
VPN device.
141 Security_Level
Security level assigned after the SSL VPN user passes security
authentication.
201 Input-Interval-Octets Number of bytes input within a real-time accounting interval.
202 Output-Interval-Octets Number of bytes output within a real-time accounting interval.
203 Input-Interval-Packets
Number of packets input within an accounting interval, in the unit set on
the NAS.
204 Output-Interval-Packets
Number of packets output within an accounting interval, in the unit set on
the NAS.
205 Input-Interval-Gigawords Amount of bytes input within an accounting interval, in units of 4G bytes.
206 Output-Interval-Gigawords Amount of bytes output within an accounting interval, in units of 4G bytes.
207 Backup-NAS-IP Backup source IP address for sending RADIUS packets.
255 Product_ID Product name.
Configuring AAA at the CLI
To configure AAA on the NAS at the CLI:
1. Configure the required AAA schemes.
{ Local authentication—Configure local users and the related attributes, including the usernames
and passwords for the users to be authenticated.
{ Remote authentication—Configure the required RADIUS and HWTACACS schemes. You must
configure user attributes on the servers accordingly.
2. Configure AAA methods for the ISP domain.
{ Authentication method—No authentication (none), local authentication (local), or remote
authentication (scheme)
{ Authorization method—No authorization (none), local authorization (local), or remote
authorization (scheme)
{ Accounting method—No accounting (none), local accounting (local), or remote accounting
(scheme)
See Figure 136 fo
r the c
onfiguration procedure.