S600-E V200R010C00 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, NAC, and Policy Association.
Applying AAA Schemes to a Domain

Context

The created authentication and authorization schemes take effect only after being applied to a domain. When local authentication and authorization are used, the default accounting scheme non-accounting is used.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run aaa

    The AAA view is displayed.

  3. Run domain domain-name [ domain-index domain-index ]

    A domain is created and the domain view is displayed, or the view of an existing domain is displayed.

    The device has two default domains:
    • default: Used by common access users
    • default_admin: Used by administrators
    NOTE:
    • If a user enters a user name that does not contain a domain name, the user is authenticated in the default domain. In this case, you need to run the domain domain-name [ admin ] command and set domain-name to configure a global default domain on the device.
    • If a user enters a user name that contains a domain name during authentication, the user must enter the correct value of domain-name.

  4. Apply AAA schemes to the domain.

    Procedure: Apply an authentication scheme to the domain.
    Command: authentication-scheme authentication-scheme-name
    Description: By default, the authentication scheme named radius is applied to the default domain, the authentication scheme named default is applied to the default_admin domain, and the authentication scheme named default is applied to other domains.

    Procedure: Apply an authorization scheme to the domain.
    Command: authorization-scheme authorization-scheme-name
    Description: By default, no authorization scheme is applied to a domain.

  5. Configure local authorization rules.

    Procedure: (Optional) Apply a user group to the domain.
    Command: user-group group-name
    Description: By default, no user group is applied to a domain.
    NOTE: This command is supported only in the NAC common mode.

    Procedure: (Optional) Apply a service scheme to the domain.
    Command: service-scheme service-scheme-name
    Description: By default, no service scheme is applied to a domain.

  6. (Optional) Specify the domain state and enable traffic statistics collection for the domain.

    Procedure: Specify the domain state.
    Command: state { active | block [ time-range time-name &<1-4> ] }
    Description: When a domain is in the blocking state, users in this domain cannot log in. By default, a created domain is in the active state.

  7. (Optional) Configure a domain name parsing scheme.

    AAA view:

    Procedure: Exit from the domain view.
    Command: quit
    Description: -

    Procedure: Specify the domain name parsing direction.
    Command: domainname-parse-direction { left-to-right | right-to-left }
    Description: The domain name can be parsed from left to right, or from right to left. By default, the domain name is parsed from left to right.

    Procedure: Set the domain name delimiter.
    Command: domain-name-delimiter delimiter
    Description: A domain name delimiter can be any of the following: \ / : < > | @ ' %. The default domain name delimiter is @.

    Procedure: Specify the domain name location.
    Command: domain-location { after-delimiter | before-delimiter }
    Description: By default, the domain name is placed after the domain name delimiter.
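
The following added example (not part of the original guide and not Huawei code) models how the three AAA-view parsing settings from step 7 decide which domain, and therefore which AAA schemes, a login name lands in. It assumes that left-to-right splits at the first delimiter and right-to-left at the last one; the names ParseSettings and resolve_domain are hypothetical, and the sample logins are constructed.

```python
"""Added illustration: model of the AAA-view domain name parsing settings."""
from dataclasses import dataclass

ALLOWED_DELIMITERS = set("\\/:<>|@'%")  # delimiter characters listed in step 7


@dataclass(frozen=True)
class ParseSettings:  # hypothetical name; fields mirror the three commands
    direction: str = "left-to-right"   # domainname-parse-direction default
    delimiter: str = "@"               # domain-name-delimiter default
    location: str = "after-delimiter"  # domain-location default

    def __post_init__(self):
        if self.direction not in ("left-to-right", "right-to-left"):
            raise ValueError(f"bad direction: {self.direction!r}")
        if self.delimiter not in ALLOWED_DELIMITERS:
            raise ValueError(f"bad delimiter: {self.delimiter!r}")
        if self.location not in ("after-delimiter", "before-delimiter"):
            raise ValueError(f"bad location: {self.location!r}")


def resolve_domain(login, settings=ParseSettings(), global_default="default"):
    """Return (user, domain): the domain whose AAA schemes would apply."""
    # Assumption: left-to-right splits at the FIRST delimiter,
    # right-to-left at the LAST one.
    if settings.direction == "left-to-right":
        before, sep, after = login.partition(settings.delimiter)
    else:
        before, sep, after = login.rpartition(settings.delimiter)
    if not sep:
        # No domain name in the login: the global default domain is used.
        return login, global_default
    if settings.location == "after-delimiter":
        return before, after
    return after, before


if __name__ == "__main__":
    # Constructed sample logins, not taken from any real device.
    rtl = ParseSettings(direction="right-to-left")
    win = ParseSettings(delimiter="\\", location="before-delimiter")
    for login, cfg in [("alice", ParseSettings()),
                       ("alice@corp@lab", ParseSettings()),
                       ("alice@corp@lab", rtl),
                       ("corp\\alice", win)]:
        print(f"{login!r:18} {cfg.direction:14} -> {resolve_domain(login, cfg)}")
```

Under the stated assumption, a login that contains the delimiter more than once resolves to a different domain depending on the parsing direction, so the direction should be checked against how the configured domains are named.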

Updated: 2019-08-21

Document ID: EDOC1000141885
