
S12700 V200R011C10 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, DAA, NAC, PPPoE, Policy Association, and IP session.
(Optional) Configuring a Service Scheme

Context

Users must obtain authorization information before going online. You can configure a service scheme to manage authorization information about users.

NOTE:

When the device is switched to the NAC common mode, only the administrator level and redirection ACL can be configured in the service scheme.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run aaa

    The AAA view is displayed.

  3. Run service-scheme service-scheme-name

    A service scheme is created and the service scheme view is displayed.

    By default, no service scheme is configured on the device.

  4. Run admin-user privilege level level

    The user is configured as the administrator and the administrator level for login is specified.

    The value range of level is from 0 to 15. By default, the user level is not specified.

  5. Configure server information.

    | Step | Command | Remarks |
    |---|---|---|
    | Configure a DHCP server group. | dhcp-server group group-name | By default, no DHCP server group is configured in a service scheme. |
    | Configure the IP address of the primary DNS server. | dns ip-address | By default, no primary DNS server is configured in a service scheme. |
    | Configure the IP address of the secondary DNS server. | dns ip-address secondary | By default, no secondary DNS server is configured in a service scheme. |
    | Configure the primary WINS server. | wins ip-address | By default, no primary WINS server is configured in a service scheme. |
    | Configure the secondary WINS server. | wins ip-address secondary | By default, no secondary WINS server is configured in a service scheme. |

  6. Run ip-pool pool-name [ move-to new-position ]

    An IP address pool is bound to the service scheme or an existing IP address pool is moved.

    By default, no IP address pool is bound to a service scheme.

    NOTE:

    Ensure that the IP address pool has been configured before running this command.

  7. Run policy-route next-hop-ip-address [ vlan-id ]

    Policy-based routing (PBR) is configured in the service scheme.

    By default, PBR is not configured in a service scheme.

  8. Run redirect-acl { acl-number | name acl-name }

    The ACL used for redirection is configured in the service scheme.

    By default, no ACL used for redirection is configured in a service scheme.

  9. Run idle-cut idle-time flow-value [ inbound | outbound ]

    The idle-cut function is enabled for domain users and the idle-cut parameters are set.

    By default, the idle-cut function is disabled for domain users.

    NOTE:

    The idle-cut command configured in the service scheme view takes effect only for administrators.

  10. Configure network access control parameters in the service scheme.

    1. Run ucl-group { group-index | name group-name }

      A UCL group is bound to the service scheme.

      By default, no UCL group is bound to a service scheme.

      Before running this command, ensure that a UCL group that identifies the user category has been created and configured.

    2. Run user-vlan vlan-id

      A user VLAN is configured in the service scheme.

      By default, no user VLAN is configured in a service scheme.

      Before running this command, ensure that a VLAN has been created using the vlan command.

    3. Run voice-vlan

      The voice VLAN function is enabled in the service scheme.

      By default, the voice VLAN function is disabled in a service scheme.

      For this configuration to take effect, ensure that a VLAN has been specified as the voice VLAN using the voice-vlan enable command and the voice VLAN function has been enabled on the interface.

    4. Run qos-profile profile-name

      A QoS profile is bound to the service scheme.

      NOTE:

      The user-queue command is supported only by the X1E series cards.

      By default, no QoS profile is bound to a service scheme.

      Before running this command, ensure that a QoS profile has been configured. The procedure for configuring a QoS profile is as follows:
      1. In the system view, run qos-profile name profile-name

        A QoS profile is created and the QoS profile view is displayed.

      2. Configure traffic policing, packet processing priority, and user queue in the QoS profile view. (Of all parameters in the QoS profile bound to the service scheme, only those configured using the following commands take effect.)
        • Run car cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] { inbound | outbound }

          Traffic policing is configured in the QoS profile.

          By default, traffic policing is not configured in a QoS profile.

        • Run remark dscp dscp-value { inbound | outbound }

          The action of re-marking DSCP priorities of IP packets is configured in the QoS profile.

          By default, the action of re-marking DSCP priorities of IP packets is not configured in a QoS profile.

        • Run remark 8021p 8021p-value

          The action of re-marking 802.1p priorities of VLAN packets is configured in the QoS profile.

          By default, the action of re-marking 802.1p priorities of VLAN packets is not configured in a QoS profile.

        • Run user-queue pir pir-value [ flow-queue-profile flow-queue-profile-name ] [ flow-mapping-profile flow-mapping-profile-name ]

          A user queue is created in the QoS profile to implement HQoS scheduling.

          By default, no user queue is configured in a QoS profile.

    5. Run quit

      The AAA view is displayed.

    6. Run quit

      The system view is displayed.
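
The following audit script is an added example, not part of the original guide or Huawei's tooling. It checks a saved configuration for two things the procedure calls out: a service scheme that references a VLAN or QoS profile that has not been created, and a scheme that sets an administrator level without idle-cut. The sample text, its indented layout, and treating a missing idle-cut as a finding are assumptions of this example.

```python
import re

# Constructed sample; the indented saved-configuration layout is an assumption.
SAMPLE = """\
vlan batch 10 30 to 32
qos-profile name gold
aaa
 service-scheme admins
  admin-user privilege level 15
 service-scheme staff
  user-vlan 20
  qos-profile silver
 service-scheme guests
  user-vlan 31
  qos-profile gold
"""

def parse(config):
    schemes, vlans, profiles, in_aaa, cur, depth = {}, set(), set(), False, None, 0
    for raw in filter(str.strip, config.splitlines()):  # skip blank lines
        words, indent = raw.split(), len(raw) - len(raw.lstrip())
        if indent == 0:  # top-level command: VLAN and QoS profile definitions
            in_aaa, cur = words == ["aaa"], None
            if words[:2] == ["qos-profile", "name"]:
                profiles.update(words[2:3])
            elif words[0] == "vlan":  # "vlan 10" or "vlan batch 10 30 to 32"
                for a, b in re.findall(r"(\d+)(?: to (\d+))?", " ".join(words[1:])):
                    vlans.update(range(int(a), int(b or a) + 1))
        elif in_aaa and words[0] == "service-scheme" and len(words) > 1:
            cur, depth = schemes.setdefault(words[1], []), indent
        elif cur is not None and indent > depth:
            cur.append(words)  # command inside the current service scheme
        else:
            cur = None  # another AAA object ends the scheme block
    return schemes, vlans, profiles

def audit(config):
    schemes, vlans, profiles = parse(config)
    out = []
    for name, cmds in schemes.items():
        heads = [c[0] for c in cmds]
        if "admin-user" in heads and "idle-cut" not in heads:
            out.append((name, "admin level set without idle-cut"))
        for head, *args in cmds:
            arg = args[0] if args else ""
            if head == "user-vlan" and not (arg.isdigit() and int(arg) in vlans):
                out.append((name, f"user-vlan {arg}: VLAN not created"))
            if head == "qos-profile" and arg not in profiles:
                out.append((name, f"qos-profile {arg}: profile not defined"))
    return out
```

Calling audit(SAMPLE) returns one (scheme name, finding) tuple per problem; an empty list means every scheme passed these checks.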

Updated: 2019-10-21

Document ID: EDOC1000178117
