No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Web-based Configuration Guide

S7700 and S9700 V200R011C10

This document describes the configuration and maintenance of device through the web network management system. The web network management system provides the functions of viewing device information and managing the entire system, interfaces, services, ACL, QoS, routes, security, and tools.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
AAA Profile Mgmt

AAA Profile Mgmt

802.1X Profile

Context

You can configure 802.1X authentication to implement interface-based network access control, that is, to authenticate and control users connected to an interface of an access control device.

Procedure

  • Create an 802.1X profile.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > 802.1X Profile. The 802.1X Profile List page is displayed.
    2. Click Create. The Create 802.1X Profile page is displayed.
    3. Enter the name of the new 802.1X profile in Profile name.
    4. Click OK. The parameter setting page for creating an 802.1X profile is displayed, as shown in Figure 5-164.

      Figure 5-164  Parameter setting page for creating an 802.1X profile

    5. Set parameters for creating an 802.1X profile. Table 5-90 describes the parameters for creating an 802.1X profile.

      Table 5-90  802.1X profile parameters

      Parameter

      Description

      802.1X Profile

      Name of the new 802.1X profile, which cannot be modified.

      User authentication mode

      User authentication mode. The options are as follows:

      • EAP: Extensible Authentication Protocol
      • PAP: Password Authentication Protocol
      • CHAP: Challenge Handshake Authentication Protocol
      Reauthentication Sets periodic 802.1X re-authentication on an interface.
      Reauthentication interval (s) Sets the re-authentication interval for 802.1X authentication users.

      Maximum number of authentication requests

      Maximum number of authentication requests.

      Authentication timeout period (s)

      802.1X authentication timeout interval.

      EAP packet code number EAP packet code number sent to users.
      EAP packet data type Data type in EAP packets sent to users.

    6. Click Apply.
  • Modify an 802.1X profile.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > 802.1X Profile. The 802.1X Profile List page is displayed.
    2. Click the 802.1X profile to modify. The 802.1X profile configuration page is displayed.
    3. Set parameters for modifying an 802.1X profile. Table 5-90 describes the parameters for modifying an 802.1X profile.
    4. Click Apply.
  • Delete an 802.1X profile.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > 802.1X Profile. The 802.1X Profile List page is displayed.
    2. Select the profile that you want to delete and click Delete. In the Confirm dialog box that is displayed, click OK.
  • Display the profile reference relationship.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > 802.1X Profile. The 802.1X Profile List page is displayed.
    2. Select the profile of which you want to display the reference relationship and click Display Reference Relationship. The system displays the types and names of the objects that reference the profile.

      NOTE:

      Click Hide Reference Relationship. The system hides the displayed results.

Portal Profile

Context

In Portal authentication, users do not need a specific client. The Portal server provides users with free Portal services and a Portal authentication page.

Procedure

  • Create a Portal profile.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > Portal Profile. The Portal Profile List page is displayed.
    2. Click Create. The Create Portal Profile page is displayed.
    3. Enter the name of the new Portal profile in Profile name.
    4. Click OK. The parameter setting page for creating a Portal profile is displayed, as shown in Figure 5-165.

      Figure 5-165  Parameter setting page for creating a Portal profile

    5. Set parameters for creating a Portal profile. Table 5-91 describes the parameters for creating a Portal profile.

      Table 5-91  Portal profile parameters

      Parameter

      Description

      Portal Profile

      Name of the Portal profile, which cannot be modified.

      Portal authentication

      Portal authentication mode, which cannot be modified.

      Interoperation protocol

      Portal or HTTP used for interoperation.

      This parameter can be set only when Portal authentication is set to External portal server.

      Primary Portal server group

      Name of the primary Portal server profile.

      This parameter can be set only when Portal authentication is set to External portal server.

      Secondary Portal server group

      Name of the secondary Portal server profile.

      This parameter can be set only when Interoperation protocol is set to Portal.

      Authentication mode

      Authentication mode of the Portal profile.

      This parameter can be set only when Portal authentication is set to External portal server.

      Source authentication network segment/mask

      Source subnet for Portal authentication.

      This parameter can be set only when Authentication mode is Layer 3 authentication.

      User reauthentication when the Portal server is available

      The device is enabled to reauthenticate users when the Portal server changes from Down to Up.

      This parameter can be set only when Interoperation protocol is set to Portal.

    6. Click Apply. In the Info dialog box that is displayed, click OK.
  • Modify a Portal profile.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > Portal Profile. The Portal Profile List page is displayed.
    2. Click the Portal profile to modify. The Portal profile configuration page is displayed.
    3. Set parameters for modifying a Portal profile. Table 5-91 describes the parameters for modifying a Portal profile.
    4. Click Apply. In the Info dialog box that is displayed, click OK.
  • Delete a Portal profile.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > Portal Profile. The Portal Profile List page is displayed.
    2. Select the profile that you want to delete and click Delete. In the Confirm dialog box that is displayed, click OK.
  • Display the profile reference relationship.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > Portal Profile. The Portal Profile List page is displayed.
    2. Select the profile of which you want to display the reference relationship and click Display Reference Relationship. The system displays the types and names of the objects that reference the profile.

      NOTE:

      Click Hide Reference Relationship. The system hides the displayed results.

MAC Authentication Profile

Context

MAC address authentication controls network access permissions of a user based on the access interface and MAC address of the user. The user does not need to install any client software. The user name and password are the MAC address of the user device. After detecting the MAC address of a user for the first time, a network device starts authenticating the user.

Procedure

  • Create a MAC authentication profile.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > MAC Authentication Profile. The MAC Authentication Profile List page is displayed.
    2. Click Create. The Create MAC Authentication Profile page is displayed.
    3. Enter the name of the new MAC authentication profile in Profile name.
    4. Click OK. The parameter setting page for creating a MAC authentication profile is displayed, as shown in Figure 5-166.

      Figure 5-166  Parameter setting page for creating a MAC authentication profile

    5. Set parameters for creating a MAC authentication profile. Table 5-92 describes the parameters for creating a MAC authentication profile.

      Table 5-92  MAC authentication profile parameters

      Parameter

      Description

      MAC Authentication Profile

      Name of the MAC authentication profile, which cannot be modified.

      Reauthentication Periodic MAC address re-authentication on a specified interface.
      Reauthentication interval (s) The re-authentication interval for online MAC address authentication users.

      User name mode

      The MAC address or fixed user name is used for authentication.

      MAC address

      Format of the MAC address.

      This parameter is valid only when User name mode is set to MAC address.

      MAC address case

      Case of the MAC address, which can be uppercase or lowercase.

      This parameter is valid only when User name mode is set to MAC address.

      Password

      Password in MAC address authentication.

      This parameter is valid only when User name mode is set to MAC address.

      Fixed user name

      User name for MAC address authentication.

      This parameter is valid only when User name mode is set to Fixed user name.

      Authentication password

      Password in MAC address authentication.

      This parameter is valid only when User name mode is set to Fixed user name.

    6. Click Apply.
  • Modify a MAC authentication profile.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > MAC Authentication Profile. The MAC Authentication Profile List page is displayed.
    2. Click the MAC authentication profile to modify. The MAC authentication profile page is displayed.
    3. Set parameters for modifying a MAC authentication profile. Table 5-92 describes the parameters for modifying a MAC authentication profile.
    4. Click Apply.
  • Delete a MAC authentication profile.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > MAC Authentication Profile. The MAC Authentication Profile List page is displayed.
    2. Select the profile that you want to delete and click Delete. In the Confirm dialog box that is displayed, click OK.
  • Display the profile reference relationship.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > MAC Authentication Profile. The MAC Authentication Profile List page is displayed.
    2. Select the profile of which you want to display the reference relationship and click Display Reference Relationship. The system displays the types and names of the objects that reference the profile.

      NOTE:

      Click Hide Reference Relationship. The system hides the displayed results.

Authentication-free Rule Profile

Procedure

  • Create a common authentication-free rule.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > Authentication-free Rule Profile. The Authentication-free Rule Profile List page is displayed. The authentication-free rule page is displayed.
    2. Click the authentication-free rule profile default_free_rule.
    3. Set Control mode to Authentication-free Rule.
    4. On Authentication-free Rule List, click Create. The Create Authentication-free Rule page is displayed, as shown in Figure 5-167.

      Figure 5-167  Create Authentication-free Rule page

      Table 5-93 describes the parameters on the page.

      Table 5-93  Parameters for creating an authentication-free rule

      Parameter

      Description

      Rule ID

      ID of the authentication-free rule.

      This parameter cannot be set when Authentication-free is selected.

      Source IP

      Source IP address in the authentication-free rule. If Specified is specified, the IP address and mask need to be configured.

      This parameter cannot be set when Authentication-free is selected.

      Mask

      The mask and IP address specify a network segment.

      This parameter cannot be set when Authentication-free is selected.

      Destination IP

      Destination IP address in the authentication-free rule. If Specified is specified, the IP address and mask need to be configured.

      This parameter cannot be set when Authentication-free is selected.

      Mask

      The mask and IP address specify a network segment.

      This parameter cannot be set when Authentication-free is selected.

      Protocol type

      Type of the protocol that users are allowed to access.

      This parameter cannot be set when Authentication-free is selected.

      This parameter can be set only when Destination IP is set to Specified.

      Destination port number

      Destination port number that users are allowed to access.

      This parameter cannot be set when Authentication-free is selected.

      This parameter can be set only when Protocol type is set to TCP or UDP.

    5. Set the parameters and click OK.
  • Modify a common authentication-free rule.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > Authentication-free Rule Profile. The Authentication-free Rule Profile List page is displayed.
    2. Click the authentication-free rule profile default_free_rule. The authentication-free rule page is displayed.
    3. Set Control mode to Authentication-free Rule.
    4. Click the authentication-free rule to modify. The page for configuring the authentication-free rules is displayed.
    5. Modify an authentication-free rule. For description of the parameters, see Table 5-93.
    6. Click OK.
  • Delete a common authentication-free rule.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > Authentication-free Rule Profile. The Authentication-free Rule Profile List page is displayed.
    2. Click the authentication-free rule profile default_free_rule. The authentication-free rule page is displayed.
    3. Set Control mode to Authentication-free Rule.
    4. Select the profile that you want to delete and click Delete. In the Confirm dialog box that is displayed, click OK.
  • Create an ACL-defined authentication-free rule.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > Authentication-free Rule Profile. The Authentication-free Rule Profile List page is displayed.
    2. Click the authentication-free rule profile default_free_rule. The authentication-free rule page is displayed.
    3. Set Control mode to ACL, as shown in Figure 5-168.

      Figure 5-168  Creating an ACL-defined authentication-free rule

    4. Click . In the dialog box that is displayed, select an ACL.
    5. Click Apply.
  • Display the profile reference relationship.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > Authentication-free Rule Profile. The Authentication-free Rule Profile List page is displayed.
    2. Select the profile of which you want to display the reference relationship and click Display Reference Relationship. The system displays the types and names of the objects that reference the profile.

      NOTE:

      Click Hide Reference Relationship. The system hides the displayed results.

Domain Profile

Context

The created authentication and authorization schemes take effect only after being applied to a domain.

Procedure

  • Create a domain profile.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > Domain Profile. The Domain Profile List page is displayed.
    2. Click Create. The Create Domain Profile page is displayed.
    3. Enter the name of the new domain profile in Profile name.
    4. Click OK. The parameter setting page for creating a domain profile is displayed, as shown in Figure 5-169.

      Figure 5-169  The parameter setting page for creating a domain profile

    5. Set parameters for creating a domain profile. Table 5-94 describes the parameters for creating a domain profile.

      Table 5-94  Domain profile parameters

      Parameter

      Description

      Authentication scheme

      Selects a created authentication scheme.

      Authorization scheme

      Selects a created authorization scheme.

      Accounting scheme

      Selects a created accounting scheme.

      Service scheme

      Selects a created service scheme.

      RADIUS server profile

      Selects a created RADIUS profile.

      HWTACACS server profile

      Selects a created HWTACACS profile.

    6. Click Apply. In the Info dialog box that is displayed, click OK.
  • Modify a domain profile.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > Domain Profile. The Domain Profile List page is displayed.
    2. Click the domain profile to modify. The domain profile page is displayed.
    3. Set parameters for modifying a domain profile. Table 5-94 describes the parameters for modifying a domain profile.
    4. Click Apply. In the Info dialog box that is displayed, click OK.
  • Delete a domain profile.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > Domain Profile. The Domain Profile List page is displayed.
    2. Select the profile that you want to delete and click Delete. In the Confirm dialog box that is displayed, click OK.
  • Display the profile reference relationship.
    1. Choose Configuration > Security Services > AAA Profile Mgmt > Domain Profile. The Domain Profile List page is displayed.
    2. Select the profile of which you want to display the reference relationship and click Display Reference Relationship. The system displays the types and names of the objects that reference the profile.

      NOTE:

      Click Hide Reference Relationship. The system hides the displayed results.

Translation
Download
Updated: 2019-10-17

Document ID: EDOC1000178323

Views: 87995

Downloads: 112

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next