S12700 V200R011C10 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, DAA, NAC, PPPoE, Policy Association, and IP session.

Creating and Configuring a Domain

Context

A NAS performs domain-based user management. A domain is a group of users and each user belongs to a domain. A user uses only AAA configuration information in the domain to which the user belongs.

The device determines the domain to which a user belongs based on the user name. Before performing authentication, authorization, and accounting on users, you need to create the domain to which the users belong.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run aaa

    The AAA view is displayed.

  3. Run domain domain-name [ domain-index domain-index ]

    A domain is created and the domain view is displayed, or the view of an existing domain is displayed.

    By default, the default and default_admin domains are available on the device. The default domain is used by common access users and the default_admin domain is used by administrators.

  4. (Optional) Run state { active | block [ time-range time-name &<1-4> ] }

    The domain state is configured.

    By default, a domain is in active state after being created. When a domain is in blocking state, users in this domain cannot log in.

  5. (Optional) Run statistic enable

    Traffic statistics collection is enabled for users in the domain.

    By default, traffic statistics collection is disabled for users in a domain.

    NOTE:

    This command takes effect only for IPv4 users. To collect traffic statistics of IPv6 users, run the authentication ipv6-statistics enable command in the system view.

  6. (Optional) Configure the DNS function, which takes effect for all domains on the device.

    1. Run quit

      Return to the AAA view.

    2. Run domainname-parse-direction { left-to-right | right-to-left }

      The domain name resolution direction is configured.

      By default, a domain name is parsed from left to right.

    3. Run domain-name-delimiter delimiter

      The domain name delimiter is configured.

      By default, the domain name delimiter is @.

    4. Run domain-location { after-delimiter | before-delimiter }

      The position of a domain name is configured.

      By default, a domain name is placed after the domain name delimiter.

    NOTE:

    The DNS function can also be configured in the authentication profile view. If the DNS function is configured in both the AAA view and authentication profile view, the device preferentially uses the configuration in the authentication profile, which applies only to wireless users.

  7. (Optional) Configure the security string function.

    1. Run security-name enable

      The security string function is enabled.

      By default, the security string function is enabled.

    2. Run security-name-delimiter delimiter

      The security string delimiter is configured.

      By default, the security string delimiter is an asterisk (*).

      NOTE:

      The security string delimiter can also be configured in the authentication profile view. If the security string delimiter is configured in both the AAA view and authentication profile view, the device preferentially uses the configuration in the authentication profile, which applies only to wireless users.

  8. (Optional) Specify a permitted domain for wireless users. (This step applies only to wireless users.)

    | Procedure | Command | Description |
    |---|---|---|
    | Return to the system view. | quit | - |
    | Create an authentication profile and enter the authentication profile view. | authentication-profile name authentication-profile-name | By default, the device has six built-in authentication profiles: default_authen_profile, dot1x_authen_profile, mac_authen_profile, portal_authen_profile, dot1xmac_authen_profile, and multi_authen_profile. |
    | Specify a permitted domain for wireless users. | permit-domain name domain-name &<1-4> | By default, no permitted domain is specified for wireless users. After a permitted domain is specified in an authentication profile, only users in the permitted domain can be subject to authentication, authorization, and accounting. |
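
An added Python model (not Huawei code and not part of the original guide) of how the step 6 settings decide which domain, and therefore which AAA configuration, a login name maps to, and how a step 8 permitted-domain list then filters the result. The handling of names with several delimiters or with none, the sample login names, and the corp and guest domains are assumptions made for illustration.

```python
# Added illustration: models how a NAS could derive the AAA domain from a
# login name using the settings named in step 6. Behaviour for names with
# several delimiters or none is an assumption, not taken from the guide.
from dataclasses import dataclass


@dataclass(frozen=True)
class DomainParsing:
    delimiter: str = "@"               # domain-name-delimiter (default @)
    direction: str = "left-to-right"   # domainname-parse-direction
    location: str = "after-delimiter"  # domain-location
    fallback_domain: str = "default"   # assumed domain when no delimiter


def split_user(name, cfg):
    """Return (user, domain) for a login name under cfg."""
    if cfg.delimiter not in name:
        return name, cfg.fallback_domain
    # Assumption: the direction selects which delimiter occurrence splits.
    if cfg.direction == "left-to-right":
        head, _, tail = name.partition(cfg.delimiter)
    else:
        head, _, tail = name.rpartition(cfg.delimiter)
    if cfg.location == "after-delimiter":
        return head, tail
    return tail, head


def audit(names, cfg, permitted=None):
    """Return (name, user, domain, permitted?) rows for a config review.

    permitted models the permit-domain list of step 8 (wireless users);
    None means no permitted domain is configured.
    """
    rows = []
    for name in names:
        user, domain = split_user(name, cfg)
        rows.append((name, user, domain, permitted is None or domain in permitted))
    return rows


# Constructed sample login names; "corp" and "guest" are hypothetical domains.
SAMPLES = ["alice@corp", "bob", "carol@corp@guest"]

if __name__ == "__main__":
    for cfg in (DomainParsing(), DomainParsing(direction="right-to-left")):
        print(cfg.direction)
        for row in audit(SAMPLES, cfg, permitted={"corp"}):
            print("  %-18s user=%-12s domain=%-12s permitted=%s" % row)
```

Running the same name list against the settings planned for the device and against the rules the authentication server uses shows whether both sides place each user in the same domain.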

Updated: 2019-10-21

Document ID: EDOC1000178117
