H3C Technologies H3C Intelligent Management Center User Manual

395

{

Port—Enter the port number of the access device to which an LDAP user is bound. A user can

pass the authentication only when connected port (of any access device) matches the bound
port. UAM uses the last number of a port number to match access ports. For example, if you

specify port 3, both 1/0/3 and 2/0/3 are considered a match.

{

Outer VLAN ID—Enter the outer VLAN ID bound to the LDAP user. An LDAP user can pass the
authentication only when the VLAN tag of the packets sent by the user matches the bound outer

VLAN tag.

{

VLAN ID/Inner VLAN ID—Enter the VLAN ID or inner VLAN ID bound to the LDAP user. An LDAP

user can pass the authentication only when the VLAN tag of the packets sent by the user matches
the bound VLAN tag.

{

User SSID—Enter the SSID bound to the LDAP user when the user uses wireless access. An LDAP
user can pass authentication only when the used SSID is on the User SSID list.

{

Device IP—IPv4 address of the access device bound to the LDAP user. An LDAP user can pass
authentication only when the connected access device's IP address is on the Device IP list. The

access device IPv4 address is the address when the device is being added to UAM as an access

device.

{

Device IPv6 Address—IPv6 address of the access device bound to the LDAP user. An LDAP user
can pass authentication only when the connected access device's IP address is on the Device

IPv6 Address list. The access device IPv6 address is the address when the device is being added

to UAM as an access device.

Modify terminal binding information

Set the values for terminal binding parameters. The binding parameters in this area take effect only
when they are selected in the Authentication Binding Information area of the selected services. For
example, the Computer Name parameter is effective to the services only when the Bind Computer

Name option is selected.
If you select a binding option for a service but do not specify any value for the parameter in the
terminal binding information, UAM automatically acquires the binding information for the service

when the user first passes authentication.
To pass authentication, the LDAP user must meet all requirements of the listed access device
bindings and terminal bindings.

{

Computer Name—Enter the name of the computer bound to the LDAP user. An LDAP user can

pass the authentication only when the computer name of the user matches the bound computer
name.

{

IMSI—Enter the IMSI number bound to the LDAP user. An LDAP user can pass the authentication
only when the IMSI of the endpoint matches the bound IMSI.

{

Windows Domain—Enter the name of the Windows domain name bound to the LDAP user. A
user can pass authentication only after the computer joins or logs in to domain.

{

Terminal IP Address—Enter a list of IPv4 addresses or IPv4 address ranges bound to the LDAP
user. An LDAP user can pass authentication only by using an endpoint with a bound IPv4

address or an IPv4 address in the bound IPv4 address ranges.

{

Terminal MAC Address—Enter a list of MAC addresses bound to the LDAP user. An LDAP user
can pass authentication only by using an endpoint with a bound MAC address.

{

Terminal IPv6 Address—Enter a list of IPv6 addresses bound to the LDAP user. An LDAP user can
pass authentication only by using an endpoint with a bound IPv6 address.

{

Click OK.