No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R011C10 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, DAA, NAC, PPPoE, Policy Association, and IP session.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring Voice Terminals to Go Online Without Authentication

(Optional) Configuring Voice Terminals to Go Online Without Authentication

Context

When both data terminals (such as PCs) and voice terminals (such as IP phones) are connected to switches, NAC is configured on the switches to manage and control the data terminals. The voice terminals, however, only need to connect to the network without being managed and controlled. In this case, you can configure the voice terminals to go online without authentication on the switches. Then the voice terminals identified by the switches can go online without authentication.

NOTE:

If an 802.1X user initiates authentication through a voice terminal, a switch preferentially processes the authentication request. If the authentication succeeds, the terminal obtains the corresponding network access rights. If the authentication fails, the switch identifies the terminal type and enables the terminal to go online without authentication.

Pre-configuration Tasks

To enable the switches to identify the voice terminals, enable LLDP or configure OUI for the voice VLAN on the switches. For details, see "Configuring Basic LLDP Functions" in "LLDP Configuration" in the S12700 V200R011C10 Configuration Guide - Network Management and Monitoring or "Configuring a Voice VLAN Based on a MAC Address" in "Voice VLAN Configuration" in the S12700 V200R011C10 Configuration Guide - Ethernet Switching. If a voice device supports only CDP but does not support LLDP, configure CDP-compatible LLDP on the switch using lldp compliance cdp receive command.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run authentication device-type voice authorize [ user-group group-name ]

    The voice terminals are enabled to go online without authentication.

    By default, voice terminals are disabled from going online without authentication.

    NOTE:

    Voice terminals can obtain the corresponding network access rights after they pass authentication and go online, when user-group group-name is not specified. When user-group group-name is specified, voice terminals can obtain the network access rights specified by the user group after they go online. To use a user group to define network access rights for voice terminals, run the user-group group-name command to create a user group and configure network authorization information for the users in the group. Note that the user group takes effect only after it is enabled.

    If you run this command repeatedly, the latest configuration overrides the previous ones.

Translation
Download
Updated: 2019-10-21

Document ID: EDOC1000178117

Views: 117837

Downloads: 55

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next