No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R010C00 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, NAC, and Policy Association.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring Re-authentication for Users

(Optional) Configuring Re-authentication for Users

Context

The device records entries for pre-connection users and users who fail to be authenticated, and grants corresponding network access rights to the users. For details, see (Optional) Configuring Authentication Event Authorization Information. To ensure that users are successfully authenticated in a timely manner and obtain normal network access rights, you can configure the device to re-authenticate users who fail to be authenticated based on user entries.

If a user fails to be re-authenticated before the aging time expires, the device deletes the corresponding user entry and reclaims the granted network access rights. If a user is successfully re-authenticated, the device adds the user to entries of authenticated users and grants corresponding network access rights to the user.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run authentication-profile name authentication-profile-name

    The authentication profile view is displayed.

  3. Run authentication timer re-authen { pre-authen re-authen-time | authen-fail re-authen-time }

    A re-authentication interval is configured for pre-connection users and users who fail to be authenticated.

    By default, the device re-authenticates pre-connection users and users who fail to be authenticated at an interval of 60 seconds.

    NOTE:

    The device adds users with the authen-fail or authen-server-down authorization and pre-connection users to entries of users who fail to be authenticated or pre-connection users. By default, the device re-authenticates users in the entries. You can perform the preceding operations to change the re-authentication interval.

    To reduce the impact on the device performance when many users exist, the user re-authentication interval may be longer than the configured re-authentication interval.

  4. Run authentication event authen-server-up action re-authen

    The device is enabled to re-authenticate users in the survival state when the authentication server changes from Down to Up.

    By default, the device does not re-authenticate users in the survival state when the authentication server changes from Down to UP.

    NOTE:
    • The radius-server testuser command has been configured in the RADIUS server template so that the device can detect that the authentication server changes from Down to Up.

      If the radius-server testuser command is not configured and the device sets the status of the authentication server to Down, the device will automatically set the status of the authentication server to Up after the interval (configured using the radius-server retransmit timeout dead-time command) for the server to restore to the active state. The device will not re-authenticate users.

    • The device adds users with the authen-server-down authorization to entries of users who fail to be authenticated upon an authentication server Down event. The device will re-authenticate users in the entries when it detects that the authentication server is Up.

Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000141885

Views: 58791

Downloads: 10

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next