No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R011C10 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, DAA, NAC, PPPoE, Policy Association, and IP session.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Applying an AAA Scheme, a RADIUS Server Template, and Authorization Information to a Domain

Applying an AAA Scheme, a RADIUS Server Template, and Authorization Information to a Domain

Context

AAA schemes, server templates, and authorization information are managed in a domain. A user uses only AAA configuration information in the domain to which the user belongs.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run aaa

    The AAA view is displayed.

  3. Run domain domain-name [ domain-index domain-index ]

    A domain is created and the domain view is displayed, or the view of an existing domain is displayed.

    By default, the default and default_admin domains are available on the device. The default domain is used by common access users and the default_admin domain is used by administrators.

  4. Run authentication-scheme scheme-name

    An authentication scheme is applied to the domain.

    By default, the authentication scheme named default is applied to the default_admin domain, and the authentication scheme named radius is applied to the default domain and other domains.

  5. Run accounting-scheme accounting-scheme-name

    An accounting scheme is applied to the domain.

    By default, the default accounting scheme is applied to a domain. In the default accounting scheme, non-accounting is used and the real-time accounting function is disabled.

  6. Run radius-server template-name

    A RADIUS server template is applied to the domain.

    By default, no RADIUS server template is applied to the default_admin domain, and the RADIUS server template named default is applied to the default domain and other domains.

  7. (Optional) Configure authorization information in the domain.

    NOTE:

    Only the NAC common mode supports authorization by a user group.

    • Run user-group group-name

      A user group is applied to the domain. That is, the device will deliver authorization information of the user group to users in the domain.

      By default, no user group is applied to a domain.

    • Run service-scheme service-scheme-name

      A service scheme is applied to the domain. That is, the device will deliver authorization information in the service scheme to users in the domain.

      By default, no service scheme is applied to a domain.

Verifying the Configuration

Run the display domain [ name domain-name ] command to check the domain configuration.

Translation
Download
Updated: 2019-10-21

Document ID: EDOC1000178117

Views: 124432

Downloads: 59

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next