CLI-based Configuration Guide - Security

AR500, AR510, and AR530 V200R007

This document describes the configurations of Security, including AAA, DAA, NAC, BRAS Access, ACL, Firewall, Deep Security Defense, Local Attack Defense, Attack Defense, Traffic Suppression, ARP Security, Port Security, DHCP Snooping, IPSG, URPF, PKI, SSL, HTTPS, Keychain, separating the management plane from the service plane, and security risks.
(Optional) Configuring a Service Scheme

Context

Access users must obtain authorization information before going online. Authorization information about users can be managed by configuring a service scheme.

NOTE:

In the service scheme, you only need to run the admin-user privilege level command to configure AAA. Other commands need to be configured only when they are referenced by other features in the service scheme.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    aaa

    The AAA view is displayed.

  3. Run:

    service-scheme service-scheme-name

    A service scheme is created and the service scheme view is displayed.

    By default, no service scheme is configured on the device.

  4. Run:

    admin-user privilege level level

    The user is configured to log in to the device as the administrator and the administrator level for login is specified.

    The value of level ranges from 0 to 15. By default, the user level is not configured.

  5. (Optional) Run:

    dhcp-server group group-name

    A Dynamic Host Configuration Protocol (DHCP) server group is configured.

    By default, no DHCP server group is specified in a service scheme.

  6. (Optional) Run:

    ip-pool pool-name [ move-to new-position ]

    An IP address pool is configured in the service scheme or an existing IP address pool is moved.

    By default, no IP address pool is set for a service scheme.

  7. (Optional) Run:

    dns ip-address

    The IP address of the primary DNS server is configured.

    By default, no primary DNS server address is configured in a service scheme.

  8. (Optional) Run:

    dns ip-address secondary

    The IP address of the secondary DNS server is configured.

    By default, no secondary DNS server address is configured in a service scheme.

  9. (Optional) Run:

    auto-update url url-string version version-number

    The URL and version number of the service scheme are configured.

    By default, the URL and version number of a service scheme are not configured.

  10. (Optional) Run:

    dns-name domain-name

    The default DNS domain name is configured in the service scheme.

    By default, no default DNS domain name is configured in a service scheme.

  11. (Optional) Run:

    wins ip-address

    The IP address of the primary WINS server is configured.

    By default, no primary WINS server address is configured in a service scheme.

  12. (Optional) Run:

    wins ip-address secondary

    The IP address of the secondary WINS server is configured.

    By default, no secondary WINS server address is configured in a service scheme.

  13. (Optional) Run:

    route set acl acl-number

    The local subnet information to be sent to the remote end is configured.

    By default, no local subnet information is sent to the remote end.

  14. (Optional) Run:

    route set interface

    The address of the interface bound to the IPSec tunnel to the remote end is configured.

    By default, the address of the interface bound to the IPSec tunnel is not sent to the remote end.

  15. (Optional) Run:

    idle-cut idle-time flow-value [ inbound | outbound ]

    The idle-cut function is enabled for domain users and the idle-cut parameters are set.

    By default, the idle-cut function is disabled for domain users.

    NOTE:

    The idle-cut function takes effect only after the idle time and traffic threshold are configured. To configure the traffic threshold, run the idle-cut idle-time flow-value command. To configure the idle time, use the value of idle-time configured on the device or the value (carried in RADIUS attribute 28 Idle-Timeout) authorized by the RADIUS server. If both values exist, the value authorized by the RADIUS server has a higher priority.

  16. (Optional) Run:

    qos-profile profile-name

    A QoS profile is bound to the service scheme.

    By default, no QoS profile is bound to a service scheme.
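
The procedure above as one annotated session, added here as an example and not taken from the Huawei guide. It assumes the default device name Huawei in the prompts; the scheme name, privilege level, DNS addresses and idle-cut values are constructed, and lines starting with # are annotations, not commands.

```text
# Steps 1-3: enter the AAA view and create the service scheme.
# "mgmt-scheme" is a constructed name.
<Huawei> system-view
[Huawei] aaa
[Huawei-aaa] service-scheme mgmt-scheme

# Step 4: the only command the scheme needs for AAA itself.
# The level must be in the range 0-15 and has no default.
# Level 3 is a constructed value: grant the lowest level the role needs.
[Huawei-aaa-service-mgmt-scheme] admin-user privilege level 3

# Steps 7-8 (optional): primary DNS server, then the secondary one.
# Addresses are constructed (documentation range 192.0.2.0/24).
[Huawei-aaa-service-mgmt-scheme] dns 192.0.2.10
[Huawei-aaa-service-mgmt-scheme] dns 192.0.2.11 secondary

# Step 15 (optional): idle-cut takes effect only when both the idle time
# and the traffic threshold are set. 30 and 10 are constructed values;
# units and valid ranges are not given on this page.
# If the RADIUS server authorizes attribute 28 (Idle-Timeout), that value
# takes priority over the idle time configured here.
[Huawei-aaa-service-mgmt-scheme] idle-cut 30 10
```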

Updated: 2019-05-25

Document ID: EDOC1000097287
