S12700 V200R011C10 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, DAA, NAC, PPPoE, Policy Association, and IP session.

(Optional) Configuring the RADIUS Server Status Detection Function

Context

A device can detect the RADIUS server status using the RADIUS server status detection function. If the RADIUS server status is Down, users can obtain escape rights. If the RADIUS server status reverts to Up, escape rights are removed from the users and the users are reauthenticated.

Procedure

  • Configure conditions for setting the RADIUS server status to Down.

    • Conditions for setting the RADIUS server status to Down during RADIUS server status detection:

      1. Run system-view

        The system view is displayed.

      2. Run radius-server { dead-interval dead-interval | dead-count dead-count }

        The RADIUS server detection interval and maximum number of consecutive unacknowledged packets in each detection interval are configured.

        By default, the RADIUS server detection interval is 5 seconds and the maximum number of consecutive unacknowledged packets in each detection interval is 2.

      3. Run the return command to return to the user view.

  • (Optional) Configure the automatic detection function.

    1. Run system-view

      The system view is displayed.

    2. Run radius-server template template-name

      The RADIUS server template view is displayed.

    3. Run radius-server testuser username user-name password cipher password

      A user account for automatic RADIUS server detection is created.

      By default, no RADIUS template-based user account for automatic detection is configured.

      After the user account for automatic RADIUS server detection is created, the automatic detection function is enabled.

    4. (Optional) Run radius-server detect-server interval interval

      The automatic detection interval for RADIUS servers is configured.

      By default, the automatic detection interval for RADIUS servers is 60 seconds.

    5. Run the return command to return to the user view.

  • (Optional) Configure the duration for which a RADIUS server remains Down, that is, configure the Force-up timer.

    NOTE:

    When the RADIUS server status is set to Force-up and automatic detection is enabled, the device immediately sends a detection packet. If the device receives a response packet from the RADIUS server within the timeout period, the device sets the RADIUS server status to Up; otherwise, the device sets the RADIUS server status to Down.

    1. Run system-view

      The system view is displayed.

    2. Run radius-server template template-name

      The RADIUS server template view is displayed.

    3. Run radius-server dead-time dead-time

      The Force-up timer for RADIUS servers is configured.

      By default, the Force-up timer for RADIUS servers is 5 minutes.

    4. Run the return command to return to the user view.

  • (Optional) Configure status synchronization between RADIUS authentication and accounting servers.

    1. Run system-view

      The system view is displayed.

    2. Run the radius-server dead-detect-condition by-server-ip command to configure IP address-based automatic detection for RADIUS servers.

      By default, RADIUS authentication and accounting servers are detected separately. After this function is configured, RADIUS authentication and accounting servers with the same IP address in the same VPN instance are detected together and their statuses are updated at the same time.

    3. Run the return command to return to the user view.

Verifying the Configuration

  • Run the display radius-server { dead-interval | dead-count } command to check configuration information about the RADIUS server detection interval and maximum number of consecutive unacknowledged packets in each detection interval.
  • Run the display radius-server configuration command to check configuration information about the user account for automatic detection, detection interval, and timeout period for detection packets in the RADIUS server template.
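
The following consolidated command sequence is an added example, not part of the original guide. It combines the procedure and verification steps above in one session; the template name example-tmpl, the test user name probe-user, the <password> placeholder, and all timer values are constructed for illustration and must be checked against the value ranges the device accepts.

```text
# Enter the system view.
system-view

# Conditions for setting the server status to Down (constructed values):
# detection interval of 10 seconds, at most 3 consecutive unacknowledged
# packets in each detection interval.
radius-server dead-interval 10
radius-server dead-count 3

# Detect authentication and accounting servers that share an IP address
# in the same VPN instance together.
radius-server dead-detect-condition by-server-ip

# Enter the RADIUS server template view (example-tmpl is a constructed name).
radius-server template example-tmpl

# Create the automatic detection account; this enables automatic detection.
# probe-user and <password> are placeholders.
radius-server testuser username probe-user password cipher <password>

# Automatic detection interval of 30 seconds (default: 60 seconds).
radius-server detect-server interval 30

# Force-up timer of 10 minutes (default: 5 minutes).
radius-server dead-time 10

# Return to the user view and verify the configuration.
return
display radius-server dead-interval
display radius-server dead-count
display radius-server configuration
```

The detection account exists only to generate detection packets, so give it credentials that are not shared with any real user or administrator account.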

Follow-up Procedure

  1. Run the authentication event authen-server-down action authorize command in the authentication profile view to configure the user escape function if the authentication server goes Down. For details, see (Optional) Configuring Authentication Event Authorization Information in NAC Configuration (Unified Mode).
  2. Run the authentication event authen-server-up action re-authen command in the authentication profile view to configure the reauthentication function after the authentication server reverts to the Up status. For details, see (Optional) Configuring Re-authentication for Users in NAC Configuration (Unified Mode).
Updated: 2019-10-21

Document ID: EDOC1000178117