Authorization-Attribute (Isp Domain View) - H3C MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for MSR Series:
- Command reference manual (174 pages) ,
- Configuration manual (80 pages) ,
- Manual (33 pages)
Table of Contents
Advertisement
Examples
# In ISP domain test, perform local authorization for SSL VPN users.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization sslvpn local
# In ISP domain test, perform LDAP authorization for SSL VPN users based on scheme ldp and use
local authorization as the backup.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization sslvpn ldap-scheme ldp local
Related commands
authorization default
ldap scheme
local-user
radius scheme
authorization-attribute (ISP domain view)
Use authorization-attribute to configure authorization attributes for users in an ISP domain.
Use undo authorization-attribute to restore the default of an authorization attribute.
Syntax
authorization-attribute { acl acl-number | car inbound cir committed-information-rate [ pir
peak-information-rate ] outbound cir committed-information-rate [ pir peak-information-rate ] |
idle-cut minute [ flow ] | igmp max-access-number max-access-number | ip-pool pool-name |
ipv6-pool ipv6-pool-name | ipv6-prefix ipv6-prefix prefix-length | mld max-access-number
max-access-number | { primary-dns | secondary-dns } { ip ipv4-address | ipv6 ipv6-address } |
session-group-profile session-group-profile-name | session-timeout minutes | url url-string |
user-group user-group-name | user-profile profile-name | vpn-instance vpn-instance-name }
undo authorization-attribute { acl | car | idle-cut | igmp | ip-pool | ipv6-pool | ipv6-prefix | mld |
primary-dns | secondary-dns | session-group-profile | session-timeout | url | user-group |
user-profile | vpn-instance }
Default
No authorization attributes are configured for users in the ISP domain and the idle cut feature is
disabled.
Views
ISP domain view
Predefined user roles
network-admin
Parameters
acl acl-number: Specifies an ACL to filter traffic for users. The value range for the acl-number
argument is 2000 to 5999. Typically, the attribute applies to authenticated users. If you configure the
attribute in a portal preauthentication domain, the ACL applies before portal authentication. This
option is applicable only to IPoE, LAN, and portal users.
car: Specifies a CAR action for users. Typically, the attribute applies to authenticated users. If you
configure the attribute in a portal preauthentication domain, the CAR action applies before portal
authentication. This keyword is applicable only to IPoE, portal, and PPP users.
39
Advertisement
Table of Contents
