HP VPN Firewall Appliances Access Control Configuration Guide
| Step | Command | Remarks |
|---|---|---|
| 2. Enter ISP domain view. | domain isp-name | N/A |
| 3. Place the ISP domain to the active or blocked state. | state { active \| block } | Optional. By default, an ISP domain is in active state, and users in the domain can request network services. |
| 4. Specify the maximum number of online users in the ISP domain. | access-limit enable max-user-number | Optional. No limit is specified by default. |
| 5. Configure the idle cut function. | idle-cut enable minute [ flow ] | Optional. Disabled by default. This command is effective only for portal and PPP users. |
| 6. Enable the self-service server location function and specify the URL of the self-service server. | self-service-url enable url-string | Optional. Disabled by default. |
| 7. Define an IP address pool for allocating addresses to PPP users. | ip pool pool-number low-ip-address [ high-ip-address ] | Optional. By default, no IP address pool is configured for PPP users. |
| 8. Set the device to include the idle cut time in the user online time to be uploaded to the server. | session-time include-idle-time | Optional. By default, the user online time uploaded to the server excludes the idle cut time. |
Configuring authentication methods for an ISP domain
In AAA, authentication, authorization, and accounting are separate processes. Authentication refers to
the interactive authentication process of username/password/user information during an access or
service request. The authentication process neither sends authorization information to a supplicant nor
triggers any accounting.
AAA supports the following authentication methods:
• No authentication (none)—No authentication is performed. This method trusts all users and is not
for general use.
• Local authentication (local)—Authentication is performed by the NAS, which is configured with the
user information, including the usernames, passwords, and attributes. Local authentication allows
high speed and low cost, but the amount of information that can be stored is limited by the size of
the storage space.
• Remote authentication (scheme)—The NAS cooperates with a RADIUS or HWTACACS server to
authenticate users. Remote authentication provides centralized information management, high
capacity, high reliability, and support for centralized authentication service for multiple NASs. You
can configure local or no authentication as the backup method, which will be used when the remote
server is not available.
You can configure AAA authentication to work alone without authorization and accounting.
By default, an ISP domain uses the local authentication method.
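A defender-side check for the settings above, as an added example that is not part of the HP guide: it parses `domain` stanzas from a saved configuration and flags domains that use `none` as the primary or backup authentication method, set no `access-limit`, or leave idle cut disabled. The sample configuration is constructed, and the `authentication default ...` line syntax is an assumption because this part of the guide does not show it.

```python
import re

# Constructed excerpt in the style of a saved device configuration.
# Domain/scheme names are made up; "authentication default" syntax is assumed.
SAMPLE_CONFIG = """\
#
domain guest
 authentication default none
#
domain corp
 authentication default radius-scheme rs1 none
 access-limit enable 500
 idle-cut enable 20
#
domain staff
 access-limit enable 200
 idle-cut enable 15
#
"""

def parse_domains(text):
    """Map each 'domain <name>' stanza to its indented command lines."""
    domains, current = {}, None
    for raw in text.splitlines():
        m = re.match(r"domain (\S+)\s*$", raw)
        if m:
            current = domains.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # '#' or another top-level line ends the stanza
    return domains

def audit_domain(lines):
    """Return review findings for one ISP domain stanza."""
    findings = []
    for words in (l.split() for l in lines if l.startswith("authentication ")):
        if words[2:3] == ["none"]:
            findings.append("auth-none")          # trusts all users
        elif "none" in words[3:]:
            findings.append("auth-backup-none")   # used if the server is down
    if not any(l.startswith("access-limit enable") for l in lines):
        findings.append("no-access-limit")        # default: no user limit
    if not any(l.startswith("idle-cut enable") for l in lines):
        findings.append("no-idle-cut")            # default: disabled
    return findings                               # no auth line: default local

def audit(text):
    return {n: audit_domain(l) for n, l in parse_domains(text).items()}
```

Calling `audit(SAMPLE_CONFIG)` returns a dictionary of findings per domain; an empty list means the stanza passed all three checks.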
Before configuring authentication methods, complete the following tasks: