No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R011C10 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, DAA, NAC, PPPoE, Policy Association, and IP session.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring the Default Domain and Forcible Domain For Users

(Optional) Configuring the Default Domain and Forcible Domain For Users

Prerequisites

A domain has been created using the domain (AAA view) command.

Context

The device uses domains to manage users. During user authentication, the device assigns users to specified domains based on the domain names contained in user names. In actual scenarios, the user names entered by users do not contain domain names. To address this issue, you can configure the default domain on the device. After that, the device can assign the users who do not provide domain names to the default domain for authentication.

If the user names entered by many users do not contain domain names, excess users are authenticated in the default domain, making the authentication scheme inflexible. If all users on an interface need to use the same AAA scheme when the user names entered by some users contain domain name and those entered by other users do not, the device also cannot meet such requirement. To address this issue, you can configure a forcible domain. Then all users on the interface will be authenticated in the forcible domain no matter whether the user names entered by the users contain domain names.

Procedure

  • Configuring the default domain
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The interface view is displayed.

    3. Run domain name domain-name ppp

      The default domain is configured.

      By default, no default domain is configured.

      NOTE:

      In the common NAC mode, the default domain cannot be configured on the device using this method.

  • Configuring the forcible domain
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The VLANIF interface view is displayed.

    3. Run domain name domain-name ppp force

      The forcible domain is configured.

      By default, no forcible domain is configured.

Translation
Download
Updated: 2019-10-21

Document ID: EDOC1000178117

Views: 120042

Downloads: 55

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next