
S12700 V200R011C10 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, DAA, NAC, PPPoE, Policy Association, and IP session.

(Optional) Configuring Network Access Rights for Users in Different Authentication Stages

Context

You can grant users access to certain network resources at each stage of access authentication by configuring network access rights for that stage.

  • pre-authen: specifies the network access rights granted to users before authentication starts.
  • authen-fail: specifies the network access rights granted to users when authentication fails.
  • authen-server-down: specifies the network access rights granted to users when the authentication server does not respond.
NOTE:
An authentication event configured on an interface takes priority over an authentication event configured in the system view, and over the guest VLAN, restrict VLAN, or critical VLAN.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Configure network access rights for users in the system view or interface view.

    • System view: Run the authentication event { pre-authen | authen-fail | authen-server-down } { vlan vlan-id | user-group group-name } command to configure the network access rights in different authentication stages. By default, no network access right is granted to users in different authentication stages.

    • Interface view:

      1. Run the interface interface-type interface-number command to enter the interface view.

      2. Configure the network access rights granted to users in different authentication stages. The command has different syntax when it is executed in the Layer 2 physical interface view and VLANIF interface view.
        • Layer 2 physical interface view: authentication event { pre-authen | authen-fail | authen-server-down } { vlan vlan-id | user-group group-name }
        • VLANIF interface view: authentication event { authen-fail | authen-server-down } user-group group-name

      3. Run the quit command to return to the system view.

      By default, no network access right is granted to users in different authentication stages.

  3. (Optional) Set the timeout period of the network access rights granted to users in different authentication stages. The configuration can be performed in the system view or interface view.

    • System view: Run the authentication event { pre-authen | authen-fail | authen-server-down } session-timeout session-time command to set the timeout period of the network access rights granted to users in different authentication stages.

      By default, the timeout period of the network access rights granted to users is 15 minutes.

    • Interface view:

      1. Run the interface interface-type interface-number command to enter the interface view.

      2. Run the authentication event { pre-authen | authen-fail | authen-server-down } session-timeout session-time command to set the timeout period of the network access rights granted to users in different authentication stages.

        By default, the timeout period of the network access rights granted to users is 15 minutes.

      3. Run the quit command to return to the system view.

  4. (Optional) Configure the interval for re-authenticating users before the authentication succeeds.

    The device periodically re-authenticates pre-connection users and users who fail authentication so that they can be authenticated in a timely manner. Set the re-authentication interval to suit your network.

    • Pre-connection user: Run the authentication timer re-authen pre-authen reauth-time command to configure the interval for re-authenticating pre-connection users.

      By default, pre-connection users are re-authenticated at an interval of 60 seconds.

    • Users who fail authentication: Run the authentication timer re-authen authen-fail reauth-time command to configure the interval for re-authenticating users who fail to be authenticated.

      By default, users who fail to be authenticated are re-authenticated at an interval of 60 seconds.
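
The priority rule in the NOTE and the commands in the procedure above, worked through as an added Python example (not part of Huawei's guide): it reads a configuration and reports which right each Layer 2 interface ends up with in each authentication stage. The configuration text is constructed, its layout (system-view commands at column 0, interface-view commands indented under the interface line) is an assumption, and guest, restrict and critical VLANs are not modelled.

```python
import re

# Constructed sample. Assumed layout: system-view commands at column 0,
# interface-view commands indented. VLAN IDs and group names are made up.
SAMPLE_CONFIG = """\
authentication event pre-authen vlan 10
authentication event authen-fail user-group quarantine
interface GigabitEthernet0/0/1
 authentication event authen-fail vlan 20
 authentication event authen-server-down vlan 30
interface GigabitEthernet0/0/2
"""

EVENTS = ("pre-authen", "authen-fail", "authen-server-down")
RIGHT_RE = re.compile(
    r"authentication event (" + "|".join(EVENTS) + r") (vlan|user-group) (\S+)$")


def effective_rights(config):
    """Map each interface to {event: (kind, value, origin) or None}."""
    system, per_if, current = {}, {}, None
    for raw in config.splitlines():
        if not raw.startswith(" "):       # column 0: back in the system view
            current = None
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            per_if[current] = {}
        elif (m := RIGHT_RE.match(line)):
            event, kind, value = m.groups()
            scope = system if current is None else per_if[current]
            origin = "system" if current is None else "interface"
            scope[event] = (kind, value, origin)
    # The interface-view setting takes priority over the system-view one;
    # None means no right is granted in that stage (the documented default).
    return {name: {ev: own.get(ev) or system.get(ev) for ev in EVENTS}
            for name, own in per_if.items()}


def stages_without_rights(config):
    """List (interface, event) pairs where users get no access at all."""
    return [(name, ev) for name, rights in effective_rights(config).items()
            for ev in EVENTS if rights[ev] is None]


if __name__ == "__main__":
    for name, rights in effective_rights(SAMPLE_CONFIG).items():
        print(name, rights)
```

Reviewing the output per port shows exactly what an unauthenticated or failed user can reach, and which ports leave users with no access when the authentication server does not respond.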

Updated: 2019-10-21

Document ID: EDOC1000178117
