CLI-based Configuration Guide - Security

AR500, AR510, and AR530 V200R007

This document describes the configurations of Security, including AAA, DAA, NAC, BRAS Access, ACL, Firewall, Deep Security Defense, Local Attack Defense, Attack Defense, Traffic Suppression, ARP Security, Port Security, DHCP Snooping, IPSG, URPF, PKI, SSL, HTTPS, Keychain, separating the management plane from the service plane, and security risks.

Principle

This section describes DAA implementation.

Concepts

  • Traffic identification: classifies traffic into different types according to the destination IP addresses users access.
  • Tariff level: identifies the data flows destined for the specified address so that the device can collect statistics and enforce differentiated policies on different types of traffic.
  • Traffic group: associates classified traffic with tariff levels.

Implementation

Figure 2-1 shows the network of the DAA service. The Router works with an accounting server to implement destination-based accounting.

Figure 2-1  Network of DAA service

During user authentication and network access, the DAA service process is as follows:
NOTE:

This process assumes that users have passed the 802.1x, MAC address, Portal, or PPPoE authentication.

  1. A user goes online and traffic is generated.
  2. When the user accesses Network1 or Network2, the device resolves the destination address from the user traffic and matches it against the ACLs, which serve as the traffic identification rules.
  3. The device obtains the tariff level corresponding to the ACL in the traffic group, and maps the traffic to the corresponding tariff level.
  4. The device performs traffic statistics collection according to the tariff level.
  5. (Optional) The device periodically sends an interim accounting packet to the accounting server. The packet carries accumulative traffic statistics corresponding to each tariff level.
  6. (Optional) After receiving an interim accounting packet, the accounting server parses traffic information corresponding to each tariff level and performs interim accounting based on certain rules.
  7. When the user requests to go offline, the device sends an accounting stop packet to the accounting server. The packet carries the traffic statistics for each tariff level during the user's online session.
  8. After receiving an accounting stop packet, the accounting server parses traffic information corresponding to each tariff level during the entire online process and performs accounting based on certain rules.
  9. The user goes offline.
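
The classification and counting in steps 2 through 7, modelled in Python as an added example (not Huawei code or device configuration). The prefixes, tariff level numbers, first-match ordering and the level used for unmatched traffic are assumptions made for the illustration.

```python
"""Added illustration: classify flows by destination and count bytes per tariff level."""
import ipaddress
from collections import Counter

# Constructed traffic group: (ACL destination prefix, tariff level). Sample values only.
TRAFFIC_GROUP = [
    (ipaddress.ip_network("10.1.0.0/16"), 1),  # stands in for "Network1"
    (ipaddress.ip_network("10.2.0.0/16"), 2),  # stands in for "Network2"
]
UNMATCHED_LEVEL = 0  # assumption: traffic matching no ACL is counted under its own level


def tariff_level(dst: str) -> int:
    """Steps 2-3: match the destination against the ACLs and return the mapped level."""
    addr = ipaddress.ip_address(dst)
    for prefix, level in TRAFFIC_GROUP:  # assumption: first matching rule wins
        if addr in prefix:
            return level
    return UNMATCHED_LEVEL


class Session:
    """One online user session with cumulative byte counters per tariff level."""

    def __init__(self, user: str):
        self.user = user
        self.bytes_by_level = Counter()

    def forward(self, dst: str, nbytes: int) -> None:
        """Step 4: add the packet's bytes to the counter of its tariff level."""
        self.bytes_by_level[tariff_level(dst)] += nbytes

    def accounting_record(self, kind: str) -> dict:
        """Steps 5 and 7: interim and stop packets both carry cumulative totals."""
        levels = dict(sorted(self.bytes_by_level.items()))
        return {"user": self.user, "type": kind, "levels": levels}


def demo():
    s = Session("user-a")          # constructed user name
    s.forward("10.1.5.9", 1500)
    s.forward("10.2.0.7", 400)
    interim = s.accounting_record("interim")
    s.forward("10.1.5.9", 500)
    s.forward("192.0.2.1", 60)     # matches no ACL in the traffic group
    return interim, s.accounting_record("stop")


if __name__ == "__main__":
    for record in demo():
        print(record)
```

Because both record types carry cumulative counters, a server that bills from interim packets has to treat each value as a running total rather than a delta, and a per-level total that decreases between records is worth flagging.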
Updated: 2019-05-25

Document ID: EDOC1000097287
