No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R010C00 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, NAC, and Policy Association.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring a Service Scheme

(Optional) Configuring a Service Scheme

Context

Users must obtain authorization information before going online. You can configure a service scheme to manage authorization information about users.

NOTE:

When the device is switched to the NAC common mode, only the administrator level and redirection ACL can be configured in the service scheme.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run aaa

    The AAA view is displayed.

  3. Run service-scheme service-scheme-name

    A service scheme is created and the service scheme view is displayed.

    By default, no service scheme is configured on the device.

  4. Run admin-user privilege level level

    The user is configured as the administrator and the administrator level for login is specified.

    The value range of level is from 0 to 15. By default, the user level is not specified.

  5. Configure server information.

    Step

    Command

    Remarks

    Configure the IP address of the primary DNS server. dns ip-address

    By default, no primary DNS server is configured in a service scheme.

    Configure the IP address of the secondary DNS server. dns ip-address secondary

    By default, no secondary DNS server is configured in a service scheme.

  6. Run redirect-acl { acl-number | name acl-name }

    The ACL used for redirection is configured in the service scheme.

    By default, no ACL used for redirection is configured in a service scheme.

  7. Run idle-cut idle-time flow-value [ inbound | outbound ]

    The idle-cut function is enabled for domain users and the idle-cut parameters are set.

    By default, the idle-cut function is disabled for domain users.

    NOTE:

    The idle-cut command configured in the service scheme view takes effect only for administrators.

  8. Configure network access control parameters in the service scheme.

    1. Run user-vlan vlan-id

      A user VLAN is configured in the service scheme.

      By default, no user VLAN is configured in a service scheme.

      Before running this command, ensure that a VLAN has been created using the vlan command.

    2. Run voice-vlan

      The voice VLAN function is enabled in the service scheme.

      By default, the voice VLAN function is disabled in a service scheme.

      For this configuration to take effect, ensure that a VLAN has been specified as the voice VLAN using the voice-vlan enable command and the voice VLAN function has been enabled on the interface.

    3. Run quit

      The AAA view is displayed.

    4. Run quit

      The system view is displayed.

Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000141885

Views: 57354

Downloads: 10

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next