No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


CLI-based Configuration Guide - Security

AR500, AR510, and AR530 V200R007

This document describes the configurations of Security, including AAA, DAA,NAC, BRAS Access, ACL, Firewall, Deep Security Defense, Local Attack Defense;Attack Defense, Traffic Suppression, ARP Security, Port Security, DHCP Snooping, IPSG, URPF, PKI, SSL, HTTPS, Keychain, separating the management plane from the service plane, security risks.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a Domain

Configuring a Domain


The created authentication and authorization schemes take effect only after being applied to a domain. When local authentication and authorization are used, non-accounting is used by default.


  1. Run:


    The system view is displayed.

  2. Run:


    The AAA view is displayed.

  3. Run:

    domain domain-name

    A domain is created and the domain view is displayed, or an existing domain view is displayed.

    The device has two default domains: default and default_admin. The default domain is used by common access users and the default_admin domain is used by administrators.

    • If an entered user name does not contain domain name, the user is added to the default domain for authentication. Therefore, you need to run the domain (system view) domain-name [ admin ] command to configure domain-name as the default global domain.
    • If an entered user name contains the domain name, the domain-name parameter must be correctly specified.

  4. Run:

    authentication-scheme authentication-scheme-name

    An authentication scheme is applied to the domain.

    By default, the authentication scheme named default is applied to a domain.

  5. Run:

    authorization-scheme authorization-scheme-name

    An authorization scheme is applied to the domain.

    By default, no authorization scheme is applied to a domain.

  6. (Optional) Run:

    user-group group-name

    A user group is applied to the domain.

    By default, no user group is applied to a domain.

  7. (Optional) Run:

    service-scheme service-scheme-name

    A service scheme is applied to the domain.

    By default, no service scheme is applied to a domain.

  8. (Optional) Run:

    state { active | block [ time-range time-name &<1-4> ] }

    The domain state is configured.

    When a domain is in blocking state, users in this domain cannot log in. By default, a domain is in active state after being created.

  9. (Optional) Run:

    statistic enable

    The traffic statistics collection is enabled for the domain.

    By default, traffic statistics collection is enabled for a domain.

  10. Run:


    Exit from the domain view.

  11. (Optional) Run:

    domain-name-delimiter delimiter

    A domain name delimiter is configured.

    A domain name delimiter can be any of the following: \ / : < > | @ ' %.

    The default domain name delimiter is @.

  12. Run:


    Return to the system view.

Updated: 2019-05-25

Document ID: EDOC1000097287

Views: 13417

Downloads: 40

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next