No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R011C10 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, DAA, NAC, PPPoE, Policy Association, and IP session.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Terminal Type Identification

Configuring Terminal Type Identification

Context

As an increasing number of smart terminals are used, Bring Your Own Device (BYOD), a new working style for enterprises, has become a trend. When an enterprise uses the BYOD solution, the administrator must determine the users and terminals that can connect to the enterprise network, where users can connect to the enterprise network, and access rights of different terminals. All these require terminal type identification.

After the terminal type identification function is configured, an AC can determine terminal types by analyzing MAC addresses, DHCP option information, and user agent (UA) information of terminals. The AC then can control terminal access and grant access rights to terminals accordingly.

If the server does not support the terminal type identification function, you can configure the function on the device. The device then sends identified terminal types to the server and the server can deliver corresponding rights based on the terminal types.

NOTE:

The terminal type identification function takes effect only for wireless access users.

The AP3010DN-AGN does not support terminal type identification.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run device-profile profile-name profile-name

    A terminal type identification profile is created and the terminal type identification profile view is displayed.

  3. Run device-type device-name

    A terminal type identifier is configured.

    By default, no terminal type identifier is available in the system.

  4. Use any one or more commands to configure terminal type identification rules as required:

    • MAC address-based terminal type identification rule

      Run the rule rule-id mac mac-address mask { mask-length | mask } command to configure a MAC address-based terminal type identification rule.

      By default, no MAC address-based terminal identification rule is configured.

    • UA-based terminal type identification rule

      Run the rule rule-id user-agent { sub-match | all-match } user-agent-text command to configure an UA-based terminal identification rule.

      By default, no UA-based terminal identification rule is configured.

      NOTE:

      If user-agent is specified in a terminal type identification rule, run the http parse user-agent enable command to enable the UA function.

    • DHCP option-based terminal type identification rule

      Run the rule rule-id dhcp-option option-id { sub-match | all-match } { ascii option-text | hex option-hex-string } command to configure a DHCP option-based terminal type identification rule.

      By default, no DHCP option-based terminal identification rule is configured.

  5. Run if-match rule rule-id [ { and | or } rule rule-id ] &<1-7>

    The matching mode of terminal type identification rules is configured.

    By default, the matching mode of terminal type identification rules is not configured.

  6. Run enable

    Terminal type identification is enabled.

    By default, terminal type identification is disabled.

Verifying the Configuration

  • Run the display device-profile { all | profile-name profile-name } command to check the configuration of the terminal type identification profile.

Follow-up Procedure

Configure authentication, authorization, and accounting policies so that the device can determine whether an identified terminal type is authorized and deliver rights to the terminal to secure the network. For details about the configuration, see AAA Configuration.

NOTE:

When RADIUS authentication or accounting is used, the terminal type identified by the device is carried by Huawei proprietary attribute 157 HW-Terminal-Type and sent to the RADIUS server. The RADIUS server must identify this attribute so that it can deliver authorization information based on the user terminal type.

Translation
Download
Updated: 2019-10-21

Document ID: EDOC1000178117

Views: 123407

Downloads: 59

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next