No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R010C00 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, NAC, and Policy Association.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring the User Access Mode

(Optional) Configuring the User Access Mode

Context

After enabling NAC authentication, you can configure a user access mode based on the user access on the interface. The user access modes include:
  • single-terminal: applies to the scenario in which only one data terminal is connected to the network through the interface.
  • single-voice-with-data: applies to the scenario in which only one data terminal is connected to the network on the device interface through a voice terminal.
  • multi-share: applies to the scenario that does not require high security and in which multiple data terminals are connected to the network on the device interface.
  • multi-authen: applies to the scenario that requires high security and in which multiple data terminals are connected to the network on the device interface. In this access mode, you can configure the maximum number of access users based on the actual user quantity on the interface. This prevents malicious users from occupying a large amount of device resources and ensures that the users on other device interfaces can normally go online.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run authentication-profile name authentication-profile-name

    The authentication profile view is displayed.

  3. Run authentication mode { single-terminal | single-voice-with-data | multi-share | multi-authen [ max-user max-user-number [ dot1x | mac-authen | portal ] * ] }

    The maximum number of access users allowed on the interface is configured when the user access mode or interface access authentication mode is multi-authen.

    By default, the access authentication mode is multi-authen.

    NOTE:
    • VLANIF interfaces do not support this function.
    • The authentication mode multi-authen max-user max-user-number command only indicates the maximum number of access users allowed by the interface in multi-authen mode, not the access mode of the specified interface. The interface access mode needs to be modified to multi-authen using the authentication mode multi-authen command.

    • If the first access user fails to be authenticated on a physical interface and sets up a pre-connection after the multi-share mode is configured on the physical interface, new access users will also fail to be authenticated on the interface. Therefore, the following operations are recommended if the first access user may fail to be authenticated after the multi-share mode is configured on a physical interface.
      • Configure users to not set up pre-connections when 802.1X authentication or MAC address authentication is used. You can run the undo authentication pre-authen-access enable command to configure the device to not generate entries for users who obtain rights in the pre-connection phase.
      • Do not use the multi-share mode with Portal authentication.
    • In L2 BNG scenarios, the multi-share mode is not supported.

Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000141885

Views: 54789

Downloads: 10

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next