H3C Technologies H3C Intelligent Management Center User Manual
Page 148
130
−
Add Manually—Enter an ACL number or name. Make sure the ACL number or name
already exists on the access device. The setting takes effect only on HP Comware switches
and H3C devices.
−
Select from List—Select an ACL from the ACL Management subcomponent of the IMC
platform. If ACL Management is not deployed, this option is grayed out. The setting takes
effect only on HP Comware switches and H3C devices.
−
Access ACL List—Select an access ACL from the list. For information about configuring the
access ACLs, see "
." The setting takes effect only on HP ProCurve
switches.
5.
On the Authentication Binding Information area, select the options to check in network access
authentication. You can set the bound values on the binding information areas of the configuration
page when you add or modify the access user account to which a service uses this access policy
is assigned. Otherwise, UAM automatically stores parameter settings in the first successful
authentication of the access user account as the bound values.
The binding options are in a logical AND relationship. To pass authentication, an access user must
meet all selected binding requirements.
{
Bind Access Device IP—Select this option if you want to require the access device use the bound
IP address. If the access device has multiple IP addresses, configure or let UAM use the one by
which the access device was added.
{
Bind Access Device Port—Select this option if you want to require the user endpoint be
connected to an access device through the bound port. UAM uses the last digit of a port number
to match access ports. For example, if you specify port 3, both 1/0/3 and 2/0/3 match to port
3.
{
Bind VLAN—Select this option if you want to require the packets of the user carry the bound
VLAN tag.
{
Bind QinQ Double VLAN—Select this option if you want to require the QinQ packets of the user
carry the bound VLAN tags.
{
Bind User IP—Select this option if you want to require the authenticated NIC on the user
endpoint use the bound IP address. If the endpoint has multiple NICs, configure the IP address
of the NIC that will initiate the authentication process as the bound IP address.
{
Bind User IPv6—Select this option if you want to require the authenticated NIC on the user
endpoint use the bound IPv6 address. If the endpoint has multiple NICs, configure the IPv6
address of the NIC that will initiate the authentication process as the bound IPv6 address.
{
Bind User MAC—Select this option if you want to require the authenticated NIC on the user
endpoint use the bound MAC address. If the endpoint has multiple NICs, configure the MAC
address of the NIC that will initiate the authentication process as the bound MAC address.
{
Bind User IMSI—Select this option if you want to require the user endpoint use the bound IMSI.
{
Bind Computer Name—Select this option if you want to require the user endpoint use the bound
computer name.
{
Bind Domain—Select this option if you want to require the bound domain be used.
{
Bind User SSID—Select this option if you want to require the bound SSID be used.
{
Bind Access Device SN—Select this option if you want to require the access device of the user
use the bound serial number.
{
Control Access MAC Address—Select this option if you want UAM to check the MAC address of
the user. For more information, see "
Configuring access MAC addresses
."