No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R011C10 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, DAA, NAC, PPPoE, Policy Association, and IP session.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring Network Access Rights for Users in Different Authentication Stages

(Optional) Configuring Network Access Rights for Users in Different Authentication Stages

Context

To grant users rights to access certain network resources during access authentication, you can configure network access rights for users.

  • pre-authen: specifies the network access rights granted to users before authentication starts.
  • authen-fail: specifies the network access rights granted to users when authentication fails.
  • authen-server-down: specifies the network access rights granted to users when the authentication server does not respond.
NOTE:
The priority of authentication event on the interface is higher than the priority of authentication event in the system view, and higher than the priority of guest VLAN, restrict VLAN, or critical VLAN.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Configure network access rights for users in the system view or VLANIF interface view.

    View

    Step

    System view

    Run the authentication event { pre-authen |authen-fail | authen-server-down } user-group group-name command to configure the network access rights in different authentication stages.

    By default, no network access right is granted to users in different authentication stages.

    Interface view

    1. Run the interface interface-type interface-number command to enter the interface view.

    2. Run the authentication event { authen-fail | authen-server-down } user-group group-name command to configure the network access rights in different authentication stages.

    3. Run the quit command to return to the system view.

    By default, no network access right is granted to users in different authentication stages.

  3. (Optional) Set the timeout period of the network access rights granted to users in different authentication stages. The configuration can be performed in the system view or interface view.

    View

    Step

    System view

    Run the authentication event { pre-authen | authen-fail | authen-server-down } session-timeout session-time command to set the timeout period of the network access rights granted to users in different authentication stages.

    By default, the timeout period of the network access rights granted to users is 15 minutes.

    Interface view
    1. Run the interface interface-type interface-number command to enter the interface view.

    2. Run the authentication event { pre-authen | authen-fail | authen-server-down } session-timeout session-time command to set the timeout period of the network access rights granted to users in different authentication stages.

      By default, the timeout period of the network access rights granted to users is 15 minutes.

    3. Run the quit command to return to the system view.

  4. (Optional) Configure the device to return an authentication failure packet when a user fails in authentication or the authentication server does not respond. The configuration can be performed in the system view or interface view.

    View

    Step

    System view

    Run the authentication event { authen-fail | authen-server-down } response-fail command to configure the device to return an authentication failure packet when a user fails in authentication or the authentication server does not respond.

    By default, the device returns an authentication success packet when a user fails in authentication or the authentication server does not respond.

    Interface view
    1. Run the interface interface-type interface-number command to enter the interface view.

    2. Run the authentication event { authen-fail | authen-server-down } response-fail command to configure the device to return an authentication failure packet when a user fails in authentication or the authentication server does not respond.

    By default, the device returns an authentication success packet when a user fails in authentication or the authentication server does not respond.

Translation
Download
Updated: 2019-10-21

Document ID: EDOC1000178117

Views: 119445

Downloads: 55

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next