S600-E V200R010C00 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, NAC, and Policy Association.
(Optional) Setting Access Control Parameters for Portal Authentication Users


Context

When deploying a Portal authentication network, you can set access control parameters for Portal authentication users to control user access flexibly. For example, you can set authentication-free rules so that users can access specified network resources without being authenticated or after they fail authentication. You can also configure a source authentication subnet so that the device authenticates only users in that subnet; users in other subnets cannot pass Portal authentication.

Procedure

  • Set access control parameters for Portal authentication users when an external Portal server is used.
    1. Run system-view

      The system view is displayed.

    2. Set the Portal authentication-free rule using the following command syntax:

      • Run portal free-rule rule-id { destination { any | ip { ip-address mask { mask-length | ip-mask } [ tcp destination-port port | udp destination-port port ] | any } } | source { any | { interface interface-type interface-number | ip { ip-address mask { mask-length | ip-mask } | any } | vlan vlan-id }* } }*

        The Portal authentication-free rule is set.

      • Run portal free-rule rule-id source ip ip-address mask { mask-length | ip-mask } [ mac mac-address ] [ interface interface-type interface-number ] destination user-group group-name

        The Portal authentication-free rule is set.

      By default, no Portal authentication-free rule is set.

    3. Set the maximum number of Portal authentication users.

      1. Run portal max-user user-number

        The maximum number of Portal authentication users is set.

        By default, the number of Portal authentication users is the maximum number of Portal authentication users supported by the device.

      2. Run portal user-alarm percentage percent-lower-value percent-upper-value

        The alarm threshold for the Portal authentication user count percentage is set.

        By default, the lower alarm threshold for the Portal authentication user count percentage is 50, and the upper alarm threshold for the Portal authentication user count percentage is 100.

    4. Run interface interface-type interface-number

      The interface view is displayed.

    5. Run portal auth-network network-address { mask-length | mask-address }

      The source subnet is set for Portal authentication.

      By default, the source authentication subnet is 0.0.0.0/0, indicating that users in all subnets must pass Portal authentication.

      NOTE:

      The command takes effect only for Layer 3 Portal authentication. In Layer 2 Portal authentication, users on all subnets must be authenticated.

    6. Run portal domain domain-name

      A forcible Portal authentication domain name is set.

      By default, no forcible Portal authentication domain name is set.

  • Set access control parameters for Portal authentication users when a built-in Portal server is used.
    1. Run system-view

      The system view is displayed.

    2. Run portal local-server authentication-method { chap | pap }

      The authentication mode of the built-in Portal server is set.

      By default, the built-in Portal server uses CHAP to authenticate Portal users.

    3. Set the Portal authentication-free rule using the following command syntax:

      • Run portal free-rule rule-id { destination { any | ip { ip-address mask { mask-length | ip-mask } [ tcp destination-port port | udp destination-port port ] | any } } | source { any | { interface interface-type interface-number | ip { ip-address mask { mask-length | ip-mask } | any } | vlan vlan-id }* } }*

        The Portal authentication-free rule is set.

      • Run portal free-rule rule-id source ip ip-address mask { mask-length | ip-mask } [ mac mac-address ] [ interface interface-type interface-number ] destination user-group group-name

        The Portal authentication-free rule is set.

        NOTE:

        If a user fails built-in Portal authentication on a Layer 2 interface of the device, the user cannot obtain network access rights defined by the Portal authentication-free rule.

      By default, no Portal authentication-free rule is set.
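Because an authentication-free rule exempts matching traffic from Portal authentication, the rules set in either procedure above are worth reviewing for scope before they go live. The following check is an added example, not part of the original guide or any Huawei tool: it parses `portal free-rule` lines in the syntax shown above and reports rules that are not limited by destination, address range, or port. The sample configuration, the function name, and the /24 review threshold are assumptions made for illustration.

```python
from ipaddress import ip_network

MIN_PREFIX = 24  # assumed review threshold, not a device limit

# Constructed sample configuration (documentation address ranges, not from the guide).
SAMPLE_CONFIG = """\
portal free-rule 1 destination ip 192.0.2.53 mask 32 udp destination-port 53
portal free-rule 2 destination ip 198.51.100.0 mask 255.255.0.0
portal free-rule 3 source vlan 20
portal free-rule 4 destination any
portal free-rule 5 source ip 10.1.1.5 mask 32 destination user-group guest
portal max-user 500
"""

def audit_free_rules(config_text, min_prefix=MIN_PREFIX):
    """Return {rule_id: [findings]} for every 'portal free-rule' line."""
    report = {}
    for line in config_text.splitlines():
        tok = line.split()
        if tok[:2] != ["portal", "free-rule"] or len(tok) < 4:
            continue  # not a free-rule line
        rule_id, args, findings = tok[2], tok[3:], []
        if "destination" not in args:
            findings.append("no destination clause: rule is not limited by destination")
        else:
            dest = args[args.index("destination") + 1:]
            if dest[:1] == ["any"] or dest[:2] == ["ip", "any"]:
                findings.append("destination any: rule is not limited by destination")
            elif dest[:1] == ["ip"] and len(dest) >= 4 and dest[2] == "mask":
                # mask may be a prefix length or a dotted mask; both parse here
                net = ip_network(f"{dest[1]}/{dest[3]}", strict=False)
                if net.prefixlen < min_prefix:
                    findings.append(f"broad destination {net}")
                if not {"tcp", "udp"} & set(dest[4:]):
                    findings.append(f"no TCP/UDP port restriction for {net}")
            # 'destination user-group <name>' is scoped by the group; nothing to flag
        report[rule_id] = findings
    return report

if __name__ == "__main__":
    for rule_id, findings in audit_free_rules(SAMPLE_CONFIG).items():
        print(rule_id, "; ".join(findings) or "ok")
```

Rules 1 and 5 in the sample pass the check; rules 2, 3, and 4 are reported for review.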

Updated: 2019-08-21

Document ID: EDOC1000141885
