HP VPN Firewall Appliances Access Control Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

221

222

223

224

225

226

227

228

229

230

222

The device chooses an authentication domain for each user in the following order:

• The authentication domain specified for the access module

• The ISP domain in the username

• The default ISP domain of the device

• The ISP domain specified for users with unknown domain names

If all the domains are unavailable, user authentication will fail.

Support for the authentication domain configuration depends on the access module. You can specify an

authentication domain for portal authentication.

To create an ISP domain:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Create an ISP domain and

enter ISP domain view.

domain isp-name N/A

3. Return to system view.

quit N/A

4. Specify the default ISP

domain.

domain default enable

isp-name

Optional.

By default, the default ISP domain is the

system predefined ISP domain system.

5. Specify an ISP domain for

users with unknown domain

names.

domain if-unknown

isp-name

Optional.

By default, no ISP domain is specified for

users with unknown domain names.

To delete the ISP domain that is functioning as the default ISP domain, you must change it to a non-default

ISP domain by using the undo domain default enable command.

Configuring ISP domain attributes

In an ISP domain, you can configure the following attributes:

• Domain status—By placing the ISP domain to the active or blocked state, you allow or deny

network service requests from users in the domain.

• Maximum number of online users—The device controls the number of online users in a domain to

ensure the system performance and service reliability.

• Idle cut—Enables the device to check the traffic of each online user in the domain at the idle timeout

interval, and to log out any user in the domain whose traffic during the idle timeout period is less

than the specified minimum traffic.

• Self-service server location—Allows users to access the self-service server to manage their own

accounts and passwords. A self-service RADIUS server running on IMC is required for the

self-service server location function to work.

• IP address pool for allocating addresses to PPP users—The device assigns IP addresses from the

pool to PPP users in the domain.

An ISP domain attribute applies to all users in the domain.

To configure ISP domain attributes:

Ste

Command

Remarks

1. Enter system view.

system-view N/A