HPE FlexNetwork 10500 Series Security Configuration Manual page 69
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Security command reference (881 pages) ,
- Network management and monitoring command reference (423 pages) ,
- Configuration manual (407 pages)
Table of Contents
Advertisement
•
Authorization attributes—The device assigns the authorization attributes in the ISP domain to
the authenticated users who do not receive these attributes from the server. However, if the idle
cut attribute is configured in the ISP domain, the device assigns the attribute to the
authenticated users. If no idle cut attribute is configured in the ISP domain, the device uses the
idle cut attribute assigned by the server. The device supports the following authorization
attributes:
Authorization ACL—The device restricts authenticated users to access only the network
resources permitted by the ACL. For portal users, the authorization ACL can be configured
in a preauthentication domain to authorize access to network resources before users pass
authentication.
Authorization CAR action—The attribute controls the traffic flow of authenticated users.
For portal users, the authorization CAR action can be configured in a preauthentication
domain to control traffic flow before users pass authentication.
Idle cut—It enables the device to check the traffic of each online user at the specified
direction in the domain at the idle timeout interval. The device logs out any users in the
domain whose total traffic in the idle timeout period at the specified direction is less than the
specified minimum traffic.
IPv4 address pool—The device assigns IPv4 addresses from the pool to authenticated
users in the domain.
IPv6 address pool—The device assigns IPv6 addresses from the pool to authenticated
users in the domain.
Redirect URL—The device redirects users in the domain to the URL after they pass
authentication.
Authorization user group—Authenticated users in the domain obtain all attributes of the
user group.
Maximum number of multicast groups—The attribute restricts the maximum number of
multicast groups that an authenticated user can join concurrently.
•
User online duration including idle timeout period—If a user goes offline due to connection
failure or malfunction, the user's online duration sent to the server includes the idle timeout
period. The online duration that is generated on the server is longer than the actual online
duration of the user.
Typically, the idle timeout period is authorized by the authorization server after users pass
authentication. For portal users, the idle timeout period set for the online portal user detection
feature takes priority over the server-assigned idle timeout period. For more information about
online detection for portal users, see
To configure ISP domain attributes:
Step
1.
Enter system view.
2.
Enter ISP domain view.
3.
Place the ISP domain in
active or blocked state.
"Configuring portal
Command
system-view
domain isp-name
state { active | block }
52
authentication."
Remarks
N/A
N/A
By default, an ISP domain is in
active state, and users in the
domain can request network
services.
Advertisement
Table of Contents
Troubleshooting
