HP VPN Firewall Appliances Access Control Configuration Guide
227
Ste
p
Command
Remarks
6. Specify the authorization
method for login users.
authorization login { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local |
none | radius-scheme radius-scheme-name
[ local ] }
Optional.
The default authorization
method is used by default.
7. Specify the authorization
method for portal users.
authorization portal { local | none |
radius-scheme radius-scheme-name
[ local ] }
Optional.
The default authorization
method is used by default.
8. Specify the authorization
method for PPP users.
authorization ppp { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local |
none | radius-scheme radius-scheme-name
[ local ] }
Optional.
The default authorization
method is used by default.
9. Specify the authorization
method for SSL VPN
users.
authorization ssl-vpn radius-scheme
radius-scheme-name
Optional.
The default authorization
method is used by default.
The following matrixes show the authorization methods and hardware compatibility by user type:
Hardware DVPN user authorization method com
p
atible
F1000-A-EI/F1000-S-EI No
F1000-E Yes
F5000 Yes
F5000-S/F5000-C Yes
VPN firewall modules Yes
20-Gbps VPN firewall modules No
Hardware SSL VPN user authorization method com
p
atible
F1000-A-EI/F1000-S-EI Yes
F1000-E Yes
F5000 No
F5000-S/F5000-C Yes
VPN firewall modules No
20-Gbps VPN firewall modules No
Configuring accounting methods for an ISP domain
In AAA, accounting is a separate process at the same level as authentication and authorization. This
process sends accounting start/update/end requests to the specified accounting server. Accounting is
optional.
AAA supports the following accounting methods:
• No accounting (none)—The NAS does not perform accounting for the users.
• Local accounting (local)—Local accounting is implemented on the NAS. It counts and controls the
number of concurrent users who use the same local user account. It does not provide statistics for