Q: What is the relationship between the authentication modes of the MA5200G and its domains?
1. First, check what types of domains the MA5200G contains:
a. Pre-authentication domain (default-domain pre-authentication)
The pre-authentication domain exists only so that web authentication users can obtain an address, and only web authentication users need this domain. A user first gets a username in bind format and, after authentication, obtains an IP address as well as the relevant access permissions. Generally, once web authentication users pass authentication in this domain, they can communicate with the web authentication server and the DNS server.
b. Authentication domain (default-domain authentication)
The authentication domain is used to authenticate users when they enter an account and password. If the user account does not contain a domain name, the user is authenticated and accounted according to the configuration of the authentication domain.
c. Forced authentication domain (default-domain authentication force)
With a forced authentication domain, users are authenticated and accounted according to the configuration of the forced authentication domain when they enter an account, regardless of whether the account contains a domain name. However, the domain name entered by the user is not changed during authentication; if the user does not enter a domain name, the system forcibly adds the domain name of the authentication domain.
d. Forced replace authentication domain (default-domain authentication replace)
With a forced replace authentication domain, users are authenticated and accounted according to the configuration of that domain when they enter an account, regardless of whether they enter a domain name or what that domain name is. At the same time, the user's domain name is forcibly replaced with the domain name of the forced replace authentication domain.
Roam domain (available only in versions later than VRP3.30-2209; in versions earlier than 2209, including 21XX, the roam-domain is the same as the authentication domain) means that users are authenticated and accounted according to the configuration in the domain if the domain name of the account entered by them (the user's account must contain the domain name, or the roam-domain policy will not take effect). The system does not change the account entered by users during authentication.
2. The following are the authentication modes of the MA5200G:
a. bind authentication
Bind authentication uses the authentication domain. The system creates an account for the user in the format device name +slot+port+vlan@domain (authentication domain name), and the password is vlan (it cannot be changed). Authentication and accounting are performed according to the configuration of the authentication domain.
b. fast authentication
Fast authentication uses two domains: the pre-authentication domain and the authentication domain. It usually uses default0 as the default pre-authentication domain, whose default configuration is non-configuration and non-accounting, and the address can be obtained after passing the authentication. At this point, the system automatically creates an authentication domain account for the user in the format device name +slot+port+vlan@domain (authentication domain name), and the password is still vlan. After opening the web page, the user can click the link to access the network (the user is authenticated with the account and password that the system created automatically).
c. web authentication
Web authentication has two steps. The first is the same as in fast authentication and uses default0 (the pre-authentication domain). The second is to open the web page and enter an account and password; authentication and accounting are then performed according to the system configuration, which may involve the authentication domain, forced authentication domain, forced replace authentication domain or roam domain.
d. pppoe authentication
PPPoE authentication has only one step. After starting the PPPoE client software, enter the account and password; authentication and accounting are then performed according to the system configuration, which may involve the authentication domain, forced authentication domain, forced replace authentication domain or roam domain.
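The three default-domain policies from item 1 (authentication, force, replace), as an added Python example that is not Huawei code or part of the original answer: it shows which domain's configuration applies and what account name results for a given input. The function names, the single configured default_domain, and the handling of a domain-qualified account in plain authentication mode are assumptions; the roam domain is not modelled.

```python
# Added illustration of the default-domain rules in item 1.
# Not device code: names and structure are assumptions for this example.
from typing import NamedTuple, Optional, Tuple

MODES = ("authentication", "force", "replace")


class Result(NamedTuple):
    policy_domain: str  # domain whose authentication/accounting config applies
    username: str       # account name as used during authentication


def split_account(account: str) -> Tuple[str, Optional[str]]:
    """Split 'user@domain' on the last '@'; domain is None when absent or empty."""
    user, sep, domain = account.rpartition("@")
    if not sep:
        return account, None
    return user, domain or None


def resolve(account: str, mode: str, default_domain: str) -> Result:
    """Apply one default-domain policy to the account a user entered."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode!r}")
    user, domain = split_account(account)

    if mode == "authentication":
        # Page: an account without a domain name uses the authentication domain.
        # Assumption: an account that carries a domain is handled by that domain,
        # and the entered name is left as typed.
        return Result(domain or default_domain, account)

    if mode == "force":
        # Page: the forced domain's configuration always applies. An entered
        # domain name is kept; a missing one is added by the system.
        name = account if domain else f"{user}@{default_domain}"
        return Result(default_domain, name)

    # mode == "replace": the forced replace domain's configuration always
    # applies and any entered domain name is overwritten with its name.
    return Result(default_domain, f"{user}@{default_domain}")


if __name__ == "__main__":
    # Constructed sample accounts and domain names.
    for acct in ("alice", "alice@corp"):
        for m in MODES:
            print(f"{acct:12} {m:15} -> {resolve(acct, m, 'isp')}")
```

The difference between force and replace shows up only in the resulting account name: both apply the configured domain's policy, but only replace discards the domain the user typed.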