H3C Technologies H3C Intelligent Management Center User Manual
Page 147
129
{
Service Group—Select a service group from the list to assign the access policy to that group for
privilege-based management. Select Ungrouped if you do not want to assign the access policy
to any service group.
4.
Configure the Authorization Information area parameters:
{
Access Period—Select an access period policy from the list. For more information about access
period policies, see "
Configuring access period policies
{
Allocate IP—Specify whether UAM requires an IP address be specified when an operator
attempts to assign an access account a service that uses this access policy. UAM assigns the
specified IP address to the user who passes authentication by using that access account. This
parameter applies only to PPP authentication methods, for example, L2TP and PPPoE.
{
Downstream Rate—Enter an upper limit of the download rate for the access user. This parameter
takes effect only when the access device is an HP ProCurve or Comware switch. Support for the
parameter on the HP Comware switches depends on the device model.
{
Upstream Rate—Enter an upper limit of the upload rate for the access user. This parameter takes
effect only when the access device is an HP ProCurve or Comware switch. Support for the
parameter on the HP Comware switches depends on the device model.
{
Priority—Enter a priority of packets to forward by the access device for the access user. This
parameter takes effect only when the access device is an HP ProCurve or Comware switch.
Support for the parameter on the HP Comware switches depends on the device model.
{
RSA Authentication—Select this option if you want to enable RSA authentication. For more
information about RSA authentication, see "
20 Configuring RSA authentication
{
Certificate Authentication—Specify whether to enable EAP authentication: None or EAP.
{
Certificate Type—Select an EAP authentication type from the list: EAP-TLS AuthN, EAP-TTLS
AuthN, or EAP-PEAP AuthN. This parameter appears only when EAP certificate authentication is
enabled.
−
EAP-TLS AuthN—Performs bidirectional client-server certificate authentication. Each party is
identified by its certificate.
−
EAP-TTLS AuthN—Performs certificate authentication through a TLS channel between the
client and UAM.
−
EAP-PEAP AuthN—Performs EAP authentication through a security tunnel between the client
and UAM. The tunnel protects the user password and EAP negotiation process.
{
Certificate Sub-Type—Select an EAP-PEAP authentication method from the list: MSCHAPV2
AuthN, MD5 AuthN, or GTC AuthN. This parameter appears only when the EAP-PEAP protocol
is selected.
{
Deploy VLAN—Enter an ID or name of the VLAN to be assigned to the user through the access
device. The value range of the VLAN ID is 1 to 4094. Other value is considered as a VLAN
name. If you enter a VLAN name, make sure it already existing on the access device.
{
Deploy User Profile—Select this option and enter a name of the user profile if you want to assign
it to the user through the access device. Make sure the user profile already exists on the access
device.
{
Deploy User Group—Enter the name of the user profile if you want to assign it to the user through
the access device. Make sure the access device is an SSL VPN device and already contains the
user group.
{
Deploy ACL—Select this option if you want to assign an ACL to the user through the access
device.
The page refreshes to display the following options: