Filter
Top Products
Working with public access attributes
Colubris AV-Pair attribute - Site values
Parameter Description
protocol
Specify the protocol to check: tcp, udp, icmp, all
address
Specify one of the following:
IP address or domain name (up to 107 characters in length)
Subnet address. Include the network mask as follows:
address/subnet mask For example: 192.168.30.0/24
Use the keyword all to match any address.
Use the wildcard symbol * to match any sequence of characters
at the beginning or the end of a domain name. For example:
*.mydomain matches any host on the domain .mydomain.
myhost.* matches myhost at any domain. For example,
myhost.com or myhost.ca
Use the keyword none if the protocol does not take an address
range (ICMP for example).
port
Specify a specific port to check or a port range as follows:
none - Used with ICMP (since it has no ports).
all - Check all ports.
1-65535[:1-65535] - Specify a specific port or port range.
Note: If you choose all possible protocols for an access-list
definition, then you must supply all ports as well.
account
Specify the name of the user account the service controller will send
billing information to for this rule. Account names must be unique
and can be up to 32 characters in length.
interval
Specify time between interim accounting updates. If you do not
enable this option, accounting information is only sent when a user
connection is terminated. Range: 5 to 99999 seconds in 15 second
increments.
Access list example
This example illustrates how access lists can be used to control access to network resources
for different groups of users at a fictitious university campus.
Topology
The following two topologies show potential wireless deployments for the campus using
different types of HP ProCurve Networking equipment. In both cases, a RADIUS server is
used to store configuration attributes for the public access network. Although the topologies
are slightly different, the same access list definitions are used for both installations.
9-37