No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R010C00 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, NAC, and Policy Association.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Static Users

Configuring Static Users

Context

In network deployment, static IP addresses are assigned to dumb terminals such as printers and servers. These users can be configured as static users for flexible authentication.

After static users are configured, the device can use static user information such as their IP addresses as the user names to authenticate the users only if one of the 802.1X authentication, MAC address authentication, and Portal authentication modes is enabled on the interfaces connected to the static users.

NOTE:

After static users are configured, the device first uses the static user names and passwords to authenticate the users. If the authentication fails, the device can perform 802.1X authentication, MAC address authentication, or Portal authentication on the users.

If the IP address of a user who passes 802.1X, MAC address, or Portal authentication is modified to a static IP address, the device changes the user state to pre-connection when detecting the user IP address change (for example, when the user accesses network resources). After the re-authentication period for the pre-connection state expires, the user can be re-authenticated for connection.

If a user's IP address is not within the IP address range of static users, the device changes the user state to pre-connection during authentication. If the user changes the IP address to a static user's IP address, the user cannot be successfully authenticated immediately. After the re-authentication period for the pre-connection state expires, the user can be re-authenticated and go online. If the user needs to go online immediately, the administrator can run the cut access-user command to force the user to go offline. The user then can be successfully authenticated immediately.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run static-user start-ip-address [ end-ip-address ] [ domain-name domain-name | interface interface-type interface-number [ detect ] | mac-address mac-address | vlan vlan-id ] *

    The static user is configured.

    By default, no static user is configured.

    When the interface (interface interface-type interface-number) mapping static users is specified, the VLAN (vlan vlan-id) to which the interface belongs must be configured.

  3. Run static-user username format-include { ip-address | mac-address | system-name }

    The static user name for authentication is set.

    By default, the name of a static user consists of system-name and ip-address. For example, if the access device name is huawei and user IP address is 1.1.1.1, the static user name is huawei1.1.1.1.

  4. Run static-user password cipher password

    The static user password for authentication is set.

    By default, the password of a static user is vlan.

Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000141885

Views: 53876

Downloads: 10

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next