HP VPN Firewall Appliances Access Control Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

201

202

203

204

205

206

207

208

209

210

199

Services that the user can use. Local authentication checks the service types of a local user. If none

of the service types is available, the user cannot pass authentication.

Service types include DVPN, FTP, portal, PPP, SSH, Telnet, terminal, and Web.

The following matrixes show the service types and hardware compatibility:

Hardware DVPN

service com

atible

F1000-A-EI/F1000-S-EI No

F1000-E Yes

F5000 Yes

F5000-S/F5000-C Yes

VPN firewall modules Yes

20-Gbps VPN firewall modules No

• User state.

Indicates whether or not a local user can request network services. There are two user states: active

and blocked. A user in active state can request network services, but a user in blocked state

cannot.

• Maximum number of users using the same local user account.

Indicates how many users can use the same local user account for local authentication.

• Validity time and expiration time.

Indicates the validity time and expiration time of a local user account. A user must use a valid local

user account to pass local authentication. When some users need to access the network

temporarily, you can create a guest account and specify a validity time and an expiration time for

the account to control the validity of the account.

• User group.

Each local user belongs to a local user group and bears all attributes of the group, such as the

password control attributes and authorization attributes. For more information about local user

group, see "Configuring user group attributes."

• Passw

ord control attributes.

Password control attributes help you control the security of local users' passwords. Password

control attributes include password aging time, minimum password length, and password

composition policy.

You can configure a password control attribute in system view, user group view, or local user view,

making the attribute effective for all local users, all local users in a group, or only the local user. A

password control attribute with a smaller effective range has a higher priority. For more

information about password management and global password configuration, see "Configuring

password control." For more information about password control commands, see Access Control

Command Reference.

• Binding attributes.

Binding attributes are used for controlling the scope of users. They are checked during local

authentication of a user. If the attributes of a user do not match the binding attributes configured for

the local user account, the user cannot pass authentication. Binding attributes include the ISDN

calling number and IP address.

• Authorization attributes.