Configuring AAA at the CLI – H3C Technologies H3C SecPath F1000-E User Manual
| No. | Sub-attribute | Description |
|-----|---------------|-------------|
| 62 | User_HeartBeat | Hash value assigned after an 802.1X user passes authentication, which is a 32-byte string. This attribute is stored in the user list on the NAS and is used for verifying the handshake messages from the 802.1X user. This attribute exists in only Access-Accept and Accounting-Request packets. |
| 140 | User_Group | User groups assigned after the SSL VPN user passes authentication. A user may belong to more than one user group. In this case, the user groups are delimited by semi-colons. This attribute is used for cooperation with the SSL VPN device. |
| 141 | Security_Level | Security level assigned after the SSL VPN user passes security authentication. |
| 201 | Input-Interval-Octets | Bytes input within a real-time accounting interval. |
| 202 | Output-Interval-Octets | Bytes output within a real-time accounting interval. |
| 203 | Input-Interval-Packets | Packets input within an accounting interval, in the unit set on the device. |
| 204 | Output-Interval-Packets | Packets output within an accounting interval, in the unit set on the device. |
| 205 | Input-Interval-Gigawords | Result of bytes input within an accounting interval divided by 4G bytes. |
| 206 | Output-Interval-Gigawords | Result of bytes output within an accounting interval divided by 4G bytes. |
| 207 | Backup-NAS-IP | Backup source IP address for sending RADIUS packets. |
| 255 | Product_ID | Product name. |
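
An added example (not from the H3C manual) of checking these sub-attributes on the receiving side: it splits a RADIUS Vendor-Specific attribute value into sub-attributes and flags a User_HeartBeat that is not 32 bytes or that appears outside Access-Accept and Accounting-Request packets. The type/length sub-attribute layout and the 4-byte integer counters are assumptions, and the vendor id 0 and sample bytes are constructed placeholders.

```python
import struct

# Sub-attribute numbers and names come from the table above.
NAMES = {62: "User_HeartBeat", 140: "User_Group", 141: "Security_Level",
         201: "Input-Interval-Octets", 202: "Output-Interval-Octets",
         203: "Input-Interval-Packets", 204: "Output-Interval-Packets",
         205: "Input-Interval-Gigawords", 206: "Output-Interval-Gigawords",
         207: "Backup-NAS-IP", 255: "Product_ID"}
COUNTERS = range(201, 207)                # assumption: 4-byte big-endian integers
ACCESS_ACCEPT, ACCOUNTING_REQUEST = 2, 4  # RADIUS packet codes

def tlv(sub_type, data):
    """Encode one sub-attribute; the length byte counts the 2-byte header."""
    return bytes([sub_type, len(data) + 2]) + data

# Constructed sample: placeholder vendor id 0, heartbeat one byte short.
SAMPLE = (struct.pack("!I", 0) + tlv(140, b"staff;vpn-admins")
          + tlv(62, b"\x11" * 31) + tlv(201, struct.pack("!I", 4096)))

def parse_vsa(value):
    """Split a Vendor-Specific (type 26) value into (vendor_id, {sub_type: bytes})."""
    if len(value) < 4:
        raise ValueError("VSA shorter than the 4-byte vendor id")
    vendor_id, subs, pos = struct.unpack("!I", value[:4])[0], {}, 4
    while pos < len(value):
        length = value[pos + 1] if pos + 2 <= len(value) else 0
        if length < 2 or pos + length > len(value):
            raise ValueError(f"bad sub-attribute at offset {pos}")
        subs[value[pos]] = value[pos + 2:pos + length]
        pos += length
    return vendor_id, subs

def decode(packet_code, subs):
    """Return (decoded values, findings that contradict the table)."""
    out, findings = {}, []
    for sub_type, raw in subs.items():
        name = NAMES.get(sub_type, f"unknown-{sub_type}")
        if sub_type in COUNTERS and len(raw) == 4:
            out[name] = struct.unpack("!I", raw)[0]
        elif sub_type == 140:  # several groups are delimited by semicolons
            out[name] = [g for g in raw.decode("utf-8", "replace").split(";") if g]
        else:
            out[name] = raw
        if sub_type in COUNTERS and len(raw) != 4:
            findings.append(f"{name}: expected 4 bytes, got {len(raw)}")
        if sub_type == 62 and len(raw) != 32:
            findings.append(f"{name}: expected 32 bytes, got {len(raw)}")
        if sub_type == 62 and packet_code not in (ACCESS_ACCEPT, ACCOUNTING_REQUEST):
            findings.append(f"{name}: unexpected in packet code {packet_code}")
    return out, findings
```

Calling `decode(1, parse_vsa(SAMPLE)[1])` treats the sample as if it arrived in an Access-Request (code 1) and reports both heartbeat findings.
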
Configuring AAA at the CLI
To configure AAA, you must complete these tasks on the NAS:
1. Configure the required AAA schemes.
   - Local authentication: Configure local users and the related attributes, including the usernames and passwords of the users to be authenticated.
   - Remote authentication: Configure the required RADIUS and HWTACACS schemes. You must configure user attributes on the servers accordingly.
2. Configure AAA methods for the users' ISP domains.
   - Authentication method: No authentication (none), local authentication (local), or remote authentication (scheme)
   - Authorization method: No authorization (none), local authorization (local), or remote authorization (scheme)
   - Accounting method: No accounting (none), local accounting (local), or remote accounting (scheme)