Web-based Configuration Guide

S7700 and S9700 V200R011C10

This document describes how to configure and maintain the device through the web network management system. The web network management system provides functions for viewing device information and managing the entire system, interfaces, services, ACL, QoS, routes, security, and tools.

AAA

This section describes the AAA configurations.

NOTE:

This node is only available in the NAC unified mode.

Authentication Profile

Procedure

  • Create an authentication profile.
    1. Choose Configuration > Security Services > AAA and click the Authentication Profile tab, as shown in Figure 5-140.

      Figure 5-140  Authentication Profile

    2. Click Create. The Create Authentication Profile page is displayed, as shown in Figure 5-141.

      Figure 5-141  Create Authentication Profile

    3. Fill in the profile name.
    4. Click OK. The parameter setting page of the new authentication profile is displayed, as shown in Figure 5-142.

      Figure 5-142  Authentication Profile

      Table 5-73 describes the parameters on the page.
      Table 5-73  Parameters for creating an authentication profile

      Parameter

      Description

      Prevent new auth info from overwriting previous one

      Whether the newly delivered authentication information overwrites all the original authentication information.

      Security string delimiter

      Security character string separator.

    5. Set parameters for the authentication profile.
    6. Click Apply. In the dialog box that is displayed, click OK.
  • Modify an authentication profile.
    1. Choose Configuration > Security Services > AAA and click the Authentication Profile tab.
    2. Click the name of the authentication profile you want to modify on the Authentication Profile List page to open the authentication profile configuration page.
    3. Set parameters for modifying the authentication profile. Table 5-73 describes the parameters for modifying an authentication profile.
    4. Click Apply. In the dialog box that is displayed, click OK.
  • Delete an authentication profile.
    1. Choose Configuration > Security Services > AAA and click the Authentication Profile tab.
    2. Select the name of the profile you want to delete on the Authentication Profile List page and click Delete. The system asks you whether to delete the record.

      NOTE:
      • To select a record, click the checkbox of the record.
      • To delete records in batches, click the checkboxes of records.

    3. Click OK.
  • Display the profile reference relationship.
    1. Choose Configuration > Security Services > AAA and click the Authentication Profile tab.
    2. Select the profile of which you want to display the reference relationship and click Display Reference Relationship. The system displays the types and names of the objects that reference the profile.

      NOTE:

      Click Hide Reference Relationship. The system hides the displayed results.

  • Configure a profile referenced in the authentication profile.

    The following profiles can be referenced in the authentication profile: 802.1X profile, Portal profile, MAC access profile, authentication-free rule profile, and domain profile.

    1. Choose Configuration > Security Services > AAA and click the Authentication Profile tab.
    2. Click on the left of Authentication Profile List. The system displays the authentication profile names. Click on the left of an authentication profile name. The profiles referenced by this profile are displayed in the navigation area.
    3. Click any profile referenced by the authentication profile. The configuration page of the referenced profile is displayed on the right. You can select another profile from the drop-down list or click Create to create a profile, and set the profile parameters. For descriptions of the profile parameters, see its configuration page.
    4. Click Apply. In the dialog box that is displayed, click OK.

Authentication/Authorization/Accounting Scheme

Procedure

  • Configure an authentication scheme.

    • Create an authentication scheme.
      1. Choose Configuration > Security Services > AAA and click the Authentication/Authorization/Accounting Scheme tab, as shown in Figure 5-143.
        Figure 5-143  Authentication/Authorization/Accounting scheme

      2. Click Create in Authentication Scheme List to open the Create Authentication Scheme page, as shown in Figure 5-144.
        Figure 5-144  Create Authentication Scheme

        Table 5-74 describes the parameters on the page.
        Table 5-74  Parameters on the Create Authentication Scheme page

        Item

        Description

        Authentication scheme name

        Specifies the name of an authentication scheme.

        First authentication

        The value can be RADIUS, HWTACACS, Local, or Non-authentication.

        Second authentication

        The value can be a mode except the first authentication mode. When the authentication server of the first authentication mode does not respond, the second authentication mode is triggered.

        When the first authentication mode is no authentication, the second authentication mode cannot be configured.

        Third authentication

        The value can be a mode except the first and second authentication modes. When the authentication servers of the first and second authentication modes do not respond, the third authentication mode is triggered.

        When the second authentication mode is no authentication or not configured, the third authentication mode cannot be configured.

        Fourth authentication

        The value can be no authentication or not configured. When the authentication servers of the first, second, and third authentication modes do not respond, the fourth authentication mode is triggered.

        When the third authentication mode is no authentication or not configured, the fourth authentication mode cannot be configured.

        NOTE:

        If non-authentication is configured, a user passes the authentication using any user name or password. Therefore, to protect the device or network security, you are advised to enable authentication, allowing only the authenticated users to access the device or network.

      3. Set parameters for the authentication scheme.
      4. Click OK.
    • Modify the authentication scheme.
      1. Choose Configuration > Security Services > AAA and click the Authentication/Authorization/Accounting Scheme tab.
      2. Click the authentication scheme that you want to modify in Authentication Scheme List.
      3. Set parameters for the authentication scheme. Table 5-74 describes the parameters on the page.
      4. Click OK.

  • Configure an authorization scheme.

    • Create an authorization scheme.
      1. Choose Configuration > Security Services > AAA and click the Authentication/Authorization/Accounting Scheme tab.
      2. Click Create in Authorization Scheme List to open the Create Authorization Scheme page, as shown in Figure 5-145.
        Figure 5-145  Create Authorization Scheme

        Table 5-75 describes the parameters on the page.
        Table 5-75  Parameters on the Create Authorization Scheme page

        Item

        Description

        Authorization scheme name

        Specifies the name of an authorization scheme.

        First authorization

        The value can be HWTACACS, If-authenticated, Local, or Non-authorization.

        Second authorization

        The value can be a mode except the first authorization mode. When the authorization server of the first authorization mode does not respond, the second authorization mode is triggered.

        When the first authorization mode is no authorization, the second authorization mode cannot be configured.

        Third authorization

        The value can be a mode except the first and second authorization modes. When the authorization servers of the first and second authorization modes do not respond, the third authorization mode is triggered.

        When the second authorization mode is no authorization or not configured, the third authorization mode cannot be configured.

        Fourth authorization

        The value can be no authorization or not configured. When the authorization servers of the first, second, and third authorization modes do not respond, the fourth authorization mode is triggered.

        When the third authorization mode is no authorization or not configured, the fourth authorization mode cannot be configured.

      3. Set parameters for the authorization scheme.
      4. Click OK.
    • Modify the authorization scheme.
      1. Choose Configuration > Security Services > AAA and click the Authentication/Authorization/Accounting Scheme tab.
      2. Click the authorization scheme that you want to modify in Authorization Scheme List.
      3. Modify parameters for the authorization scheme. Table 5-75 describes the parameters on the page.
      4. Click OK.

  • Configure the accounting scheme.

    • Create an accounting scheme.
      1. Choose Configuration > Security Services > AAA and click the Authentication/Authorization/Accounting Scheme tab.
      2. Click Create in Accounting Scheme List to open the Create Accounting Scheme page, as shown in Figure 5-146.
        Figure 5-146  Create Accounting Scheme

        Table 5-76 describes the parameters on the page.
        Table 5-76  Parameters on the Create Accounting Scheme page

        Item

        Description

        Accounting scheme name

        Specifies the name of an accounting scheme.

        Accounting mode

        Indicates the accounting mode.
        • Non-accounting
        • RADIUS accounting
        • HWTACACS accounting
      3. Set parameters for the accounting scheme.
      4. Click OK.
    • Modify the accounting scheme.
      1. Choose Configuration > Security Services > AAA and click the Authentication/Authorization/Accounting Scheme tab.
      2. Click the accounting scheme that you want to modify in Accounting Scheme List.
      3. Modify parameters for the accounting scheme. Table 5-76 describes the parameters on the page.
      4. Click OK.
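
The fallback rules in Table 5-74 can be checked offline before a scheme is entered in the web system. The following Python code is an added example, not Huawei code: it validates an authentication-mode chain against those rules and reports which modes must be unresponsive before a login reaches Non-authentication. The function names and the sample schemes are constructed for illustration; Table 5-75 states the same ordering rules for authorization modes.

```python
# Added example: checks an authentication-mode chain against Table 5-74.
# Function names and the sample schemes are constructed for illustration.

NON_AUTH = "Non-authentication"
ALLOWED = ("RADIUS", "HWTACACS", "Local", NON_AUTH)
POSITIONS = ("First", "Second", "Third", "Fourth")


def validate_chain(chain):
    """Return the Table 5-74 rule violations for a chain of modes.

    chain lists the first to fourth authentication modes in order;
    None marks a position that is not configured.
    """
    if not chain or chain[0] is None:
        return ["First: an authentication mode must be selected"]
    if len(chain) > len(POSITIONS):
        return ["A scheme has at most four authentication modes"]
    errors = []
    for i, mode in enumerate(chain):
        if mode is None:
            continue
        pos, earlier = POSITIONS[i], chain[:i]
        if mode not in ALLOWED:
            errors.append(f"{pos}: unknown mode {mode!r}")
        if earlier and earlier[-1] is None:
            errors.append(f"{pos}: the preceding mode is not configured")
        if earlier and earlier[-1] == NON_AUTH:
            errors.append(f"{pos}: the preceding mode is {NON_AUTH}")
        if mode in earlier:
            errors.append(f"{pos}: {mode} is already used earlier")
        if i == 3 and mode != NON_AUTH:
            errors.append(f"{pos}: only {NON_AUTH} can be selected")
    return errors


def deciding_mode(chain, unresponsive=()):
    """Return the mode that decides a login when the modes listed in
    `unresponsive` do not answer, or None if no configured mode answers.
    Non-authentication has no server, so it always answers."""
    for mode in chain:
        if mode is None:
            break
        if mode == NON_AUTH or mode not in unresponsive:
            return mode
    return None


def fail_open_condition(chain):
    """Return the modes that must all be unresponsive before the chain
    reaches Non-authentication, or None if the chain never does.
    An empty tuple means every login is accepted unconditionally."""
    if NON_AUTH not in chain:
        return None
    before = chain[:chain.index(NON_AUTH)]
    return tuple(m for m in before if m is not None)


# Constructed sample schemes (names are hypothetical).
SAMPLE_SCHEMES = {
    "radius-then-local": ["RADIUS", "Local"],
    "radius-then-open": ["RADIUS", NON_AUTH],
    "open-then-local": [NON_AUTH, "Local"],
    "gap-in-chain": ["RADIUS", None, "Local"],
}


def audit(schemes):
    """Map each scheme name to (rule violations, fail-open condition)."""
    return {name: (validate_chain(chain), fail_open_condition(chain))
            for name, chain in schemes.items()}


if __name__ == "__main__":
    for name, (errors, cond) in audit(SAMPLE_SCHEMES).items():
        print(name)
        for err in errors:
            print("  rule violation:", err)
        if cond is not None:
            needed = ", ".join(cond) or "nothing (always open)"
            print("  accepts any credentials when unresponsive:", needed)
```

A scheme for which `fail_open_condition` returns a tuple accepts any user name and password once the listed modes stop responding, which is the case the NOTE under Table 5-74 describes.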

Service Scheme

Context

Access users must obtain authorization information before they can go online. Authorization information about users can be managed by configuring a service scheme.

Procedure

  • Create a service scheme profile.
    1. Choose Configuration > Security Services > AAA and click the Service Scheme tab, as shown in Figure 5-147.

      Figure 5-147  Service Scheme

    2. Click Create to open the Create Service Scheme page, as shown in Figure 5-148.

      Figure 5-148  Create Service Scheme

      Table 5-77 describes the parameters on the page.
      Table 5-77  Service Scheme Creation

      Parameter

      Description

      Server scheme name

      Indicates the name of the service scheme.

      Administrator priority

      Indicates the administrator level.

      Primary DNS server

      Indicates the IP address of the primary DNS server.

      Secondary DNS server

      Indicates the IP address of the secondary DNS server.

      User VLAN

      Specifies the user VLAN.

      UCL group

      Select a UCL group to be bound.

      QoS profile

      Indicates the QoS profile. Select the following operations:
      • To select a QoS profile, click .
      • To set parameters for the QoS profile, click . After the configuration is complete, click OK.
      • To modify a QoS profile, click .
      • To delete a QoS profile, click .

      Idle user disconnection

      Specifies the action taken on a user when the user does not perform any operation within a period of time.
      • Based on uplink traffic: indicates that the action takes effect for only upstream traffic of the user.
      • Based on downlink traffic: indicates that the action takes effect for only downstream traffic of the user.
      • Based on uplink and downlink traffic: indicates that the action takes effect for both upstream and downstream traffic of the user.
      • Close: indicates that the idle-cut function is disabled.

    3. Set parameters for the service scheme profile.
    4. Click OK.
  • Modify a service scheme profile.
    1. Choose Configuration > Security Services > AAA and click the Service Scheme tab.
    2. Click the service scheme profile that you want to modify. The settings of the service scheme profile are displayed.
    3. Set parameters for the service scheme profile. Table 5-77 describes the parameters for modifying a service scheme profile.
    4. Click OK.
  • Delete a service scheme profile.
    1. Choose Configuration > Security Services > AAA and click the Service Scheme tab.
    2. Select the profile that you want to delete and click Delete. The system asks you whether to delete the record.

      NOTE:
      • To select a record, click the checkbox of the record.
      • To delete records in batches, click the checkboxes of records.

    3. Click OK.

External Portal

Procedure

  • Perform global settings for the external Portal server.
    1. Choose Configuration > Security Services > AAA > Portal Server Global Configuration and click the External Portal tab, as shown in Figure 5-149.

      Figure 5-149  External Portal

      Table 5-78 describes the parameters on the page.

      Table 5-78  Global settings for the external Portal server

      Parameter

      Description

      Maximum number of STAs

      Maximum number of Portal authentication users allowed on the device.

    2. Click Apply. In the dialog box that is displayed, click OK.
  • Create a Portal authentication server.
    1. Choose Configuration > Security Services > AAA > Portal Server Global Configuration and click the External Portal tab.
    2. Click Create under Portal Authentication Server List. The Create Authentication Server page is displayed, as shown in Figure 5-150.

      Figure 5-150  Create Authentication Server

      Table 5-79 describes the parameters on the page.
      Table 5-79  Parameters for creating a Portal authentication server

      Parameter

      Description

      Server name

      Portal server name to identify a Portal server.

      Server IP

      IP address for the Portal server.

      Shared key

      Shared key that the device uses to exchange information with the Portal server.

      Packet port number

      Port number on which the device listens for Portal protocol packets.

      URL

      URL of the Portal server.

      URL Option Settings

      LSW-IP

      IP address of the switch carried in the URL.

      LSW-MAC

      MAC address of the switch carried in the URL.

      User access URL

      Original URL that a user accesses carried in the URL.

      User MAC

      User MAC address carried in the URL.

      User IP

      User IP address carried in the URL.

      System name

      Device system name carried in the URL.

      AP-IP

      AP IP address carried in the URL.

      AP-MAC

      AP MAC address carried in the URL.

      SSID

      SSID with which users associate.

      Login URL keyword/Login URL

      Login URL keyword and login URL.

      MAC address format

      • No separator
      • Normal: sets the MAC address format to XXXX-XXXX-XXXX. You can specify a character as the delimiter.
      • Compact: sets the MAC address format to XX-XX-XX-XX-XX-XX. You can specify a character as the delimiter.

      Separator

      Separator, which contains one character.

      Encrypted parameter name

      Name of an encrypted parameter in the URL.

      Encryption vector name

      Name of an encryption vector.

      Encryption key

      Encryption key.

      Server Detection Configuration

      Portal server detection

      Whether to enable the Portal server detection function.

      Detection interval

      Portal server detection interval.

      Maximum number of detection failures

      Maximum number of Portal server detection failures.

      Minimum number of Portal servers in up state

      Minimum number of Portal servers in Up state.

      Action after the number of detection failures exceeds the maximum

      Action taken when the maximum number of detection failures on the Portal server is exceeded.

      Parameter Parsing Configuration

      Protocol type

      Protocol type.

      Password encryption mode

      Password encryption mode.

      User name keyword

      User name keyword.

      Password keyword

      Password keyword.

      Original URL keyword

      Original URL keyword.

      Login success response

      Login success response mode.

      Login failure response

      Login failure response mode.

      Command keyword

      Command keyword.

      String identifying the user login command

      String for identifying the user login command.

      String identifying the user logout command

      String for identifying the user logout command.

      User MAC address keyword

      User MAC address keyword.

      User IP address keyword

      User IP address keyword.

      Logout success response

      Logout success response mode.

      Logout failure response

      Logout failure response mode.

    3. Set parameters for the authentication server.
    4. Click OK.
  • Modify a Portal authentication server.
    1. Choose Configuration > Security Services > AAA > Portal Server Global Configuration and click the External Portal tab.
    2. Click the name of the authentication server that you want to modify. The authentication server modification page is displayed.
    3. Modify parameters for the authentication server. Table 5-79 describes the parameters for modifying an authentication server.
    4. Click OK.
  • Delete an authentication server.
    1. Choose Configuration > Security Services > AAA > Portal Server Global Configuration and click the External Portal tab.
    2. Select the authentication server name and click Delete. The system asks you whether to delete the record.
    3. Click OK.

RADIUS

Context

RADIUS protects a network from unauthorized access. It is typically used on networks that require high security and control over remote user access.

Procedure

  • Configure a RADIUS server profile.

    • Create a RADIUS server profile.
      1. Choose Configuration > Security Services > AAA and click the RADIUS tab, as shown in Figure 5-151.
        Figure 5-151  RADIUS configuration

      2. Click Create in RADIUS Server Profile to open the Create RADIUS Server Profile page, as shown in Figure 5-152.
        Figure 5-152  Create RADIUS Server Profile page

        Table 5-80 describes the parameters on the page.
        Table 5-80  Parameters for creating a RADIUS server profile

        Parameter

        Description

        Profile name

        Name of a RADIUS server profile.

        STA HT Mode

        • Active/Standby mode: When multiple RADIUS authentication or accounting servers are configured, the server with the highest weight becomes the active server, and the other servers are backup servers. Among the backup servers, the servers with a higher weight have a higher priority.
        • Load balancing mode: When multiple RADIUS authentication or accounting servers are configured, user authentication or accounting requests are sent to the servers based on the weight proportion of each server.

        NAS IP address

        NAS-IP-Address attribute of RADIUS packets sent by the device.

        Profile default shared key

        RADIUS shared key.

        User name format in packets

        User name format in packets sent from the device to the RADIUS server.

        • Original user name: The device does not modify the user name entered by the user in the packets sent to the RADIUS server.
        • With domain name: The device encapsulates the domain name in the user name when sending RADIUS packets to the RADIUS server.
        • Without domain name: The device does not encapsulate the domain name in the user name when sending RADIUS packets to the RADIUS server.

        MAC address format in Calling-Station-Id

        Encapsulation format of the MAC address in the Calling-Station-ID attribute of RADIUS packets.

        Called-Station-ID format

        Content encapsulated in the Called-Station-ID attribute of RADIUS packets.

        Separator

        Separator before the SSID encapsulated in the Called-Station-ID attribute.

        This parameter is supported only when Containing the SSID is selected.

        MAC address format in Called-Station-Id

        Encapsulation format of the MAC address in the Called-Station-ID attribute of RADIUS packets.

        This parameter is supported only when Called-Station-ID format is set to AP MAC or AC MAC.

      3. On the Create RADIUS Server Profile page, click Create Server. The Create Server Configuration page is displayed, as shown in Figure 5-153.
        Figure 5-153  Create Server Configuration page

        Table 5-81 describes the parameters on the page.
        Table 5-81  Parameters for creating a server

        Parameter

        Description

        IP address

        IP address of a RADIUS server.

        Shared key

        Shared key of the RADIUS server.

        Server Settings

        The following parameters are valid only when Authentication is selected.

        Port number

        Port number of the authentication server.

        Weight

        Weight of the authentication server.

        Source address of outgoing packets

        Source IP address of the RADIUS authentication server.

        Server Settings

        The following parameters are valid only when Accounting is selected.

        Port number

        Port number of the accounting server.

        Weight

        Weight of the accounting server.

        Source address of outgoing packets

        Source IP address of the accounting server.

      4. Set parameters for the RADIUS server.
      5. Click OK.
    • Modify a RADIUS server profile.
      1. Choose Configuration > Security Services > AAA and click the RADIUS tab.
      2. Select a RADIUS server profile in RADIUS Server Profile to open the RADIUS server profile modification page.
      3. Modify the parameters of the RADIUS server profile. Table 5-80 describes the parameters for modifying a RADIUS server profile.
      4. Click OK.

  • Configure an authorization server.

    • Create an authorization server.
      1. Choose Configuration > Security Services > AAA and click the RADIUS tab.
      2. Click Create in Authorization Server to open the Create Authorization Server page, as shown in Figure 5-154.
        Figure 5-154  Create Authorization Server page

        Table 5-82 describes the parameters on the page.
        Table 5-82  Parameters for creating an authorization server

        Parameter

        Description

        Authorization server IP address

        IP address of an authorization server.

        Profile name

        Name of the created RADIUS server profile.

        Key

        Shared key of the RADIUS authorization server.

      3. Set parameters for the authorization server.
      4. Click OK.
    • Modify an authorization server.
      1. Choose Configuration > Security Services > AAA and click the RADIUS tab.
      2. Select the authorization server in Authorization Server.
      3. Modify parameters for the authorization server. Table 5-82 describes the parameters for modifying an authorization server.
      4. Click OK.

HWTACACS

Context

HWTACACS prevents unauthorized users from attacking a network and supports command-line authorization. Compared with RADIUS, HWTACACS is more reliable in transmission and encryption, and is more suitable for security control.

Procedure

  • Enable or disable HWTACACS.
    1. Choose Configuration > Security Services > AAA and click the HWTACACS tab, as shown in Figure 5-155.

      Figure 5-155  HWTACACS configuration

    2. Set the HWTACACS function status to ON or OFF.
    3. Click Apply. In the dialog box that is displayed, click OK.
  • Configure an HWTACACS server profile.

    • Create an HWTACACS server profile.
      1. Choose Configuration > Security Services > AAA and click the HWTACACS tab.
      2. Click Create in HWTACACS Server Profile to open the Create HWTACACS server profile page, as shown in Figure 5-156.
        Figure 5-156  Create HWTACACS server profile page

        Table 5-83 describes the parameters on the page.
        Table 5-83  Parameters for creating an HWTACACS server profile

        Parameter

        Description

        Profile name

        Name of an HWTACACS server profile.

        Key

        Shared key for the HWTACACS server.

        User name

        Whether the device encapsulates the domain name in the user name when sending HWTACACS packets to an HWTACACS server.

        Source address of outgoing packets

        Source IP address used by a device to communicate with an HWTACACS server.
      3. Set parameters for the HWTACACS server.
      4. Click OK.
    • Modify an HWTACACS server profile.
      1. Choose Configuration > Security Services > AAA and click the HWTACACS tab.
      2. Select an HWTACACS server profile in HWTACACS Server Profile to open the HWTACACS server profile modification page.
      3. Modify parameters for the HWTACACS server. Table 5-83 describes the parameters for modifying an HWTACACS server profile.
      4. Click OK.

  • Configure an Authentication/Authorization/Accounting server.

    • Create an Authentication/Authorization/Accounting server.
      1. Choose Configuration > Security Services > AAA and click the HWTACACS tab.
      2. Click Create in Authentication/Authorization/Accounting Server to open the Create Authentication/Authorization/Accounting Server page, as shown in Figure 5-157.
        Figure 5-157  Create Authentication/Authorization/Accounting Server page

        Table 5-84 describes the parameters on the page.
        Table 5-84  Parameters for creating an Authentication/Authorization/Accounting server

        Parameter

        Description

        Profile name

        Name of an HWTACACS server profile.

        Server type

        Server type, which can be an authentication, authorization, or accounting server.

        Primary server IP address

        IP address of the primary server.

        Primary server port number

        Port number of the primary server.

        Secondary server IP address

        IP address of the secondary server.

        Secondary server port number

        Port number of the secondary server.

      3. Set parameters for the Authentication/Authorization/Accounting server.
      4. Click OK.
    • Modify an Authentication/Authorization/Accounting server.
      1. Choose Configuration > Security Services > AAA and click the HWTACACS tab.
      2. Click the profile to modify in Authentication/Authorization/Accounting Server. The page for modifying an Authentication/Authorization/Accounting server is displayed.
      3. Modify parameters of the Authentication/Authorization/Accounting server. For description of the parameters, see Table 5-84.
      4. Click OK.

Local User

Procedure

  • Create a local user.
    1. Choose Configuration > Security Services > AAA and click the Local User tab, as shown in Figure 5-158.

      Figure 5-158  Local user

    2. Click Create to open the Create User page, as shown in Figure 5-159.

      Figure 5-159  Create User page

      Table 5-85 describes the parameters on the page.
      Table 5-85  Parameters for creating a user

      Parameter

      Description

      User name

      Local user name.

      Password

      User password.

      Expiration time

      Password validity period.

      User type

      User type. Users at different levels have different access rights.

      User status

      State of a local user.
      • Activate: The device accepts and processes the authentication request from the user.
      • Block: The device rejects the authentication request from the user.
      NOTE:

      If a user has established a connection with the device, when the user is set in blocking state, the connection still takes effect but the device rejects subsequent authentication requests from the user.

      Access mode

      Access type. After you specify the access type of a user, only the users of the specified access type can log in.

    3. Set parameters for the local user.
    4. Click OK.
  • Modify a local user.
    1. Choose Configuration > Security Services > AAA and click the Local User tab.
    2. Click the name of the user that you want to modify.
    3. Set parameters for modifying the user. Indicates whether a user is forcibly disconnected from the network. Table 5-85 describes the parameters for modifying a local user.
    4. Click OK.
  • Delete a local user.
    1. Choose Configuration > Security Services > AAA and click the Local User tab.
    2. Select a record that you want to delete and click Delete. The system asks you whether to delete the record.

      NOTE:
      • To select a record, click the checkbox of the record.
      • To delete records in batches, click the checkboxes of records.

    3. Click OK.

Advanced Settings

Procedure

  • Configure 802.1X authentication globally.
    1. Choose Configuration > Security Services > AAA and click the Advanced Settings tab, as shown in Figure 5-160.

      Figure 5-160  Advanced Settings

    2. Set parameters in 802.1X Authentication Global Settings. Table 5-86 describes the parameters on this page.

      Table 5-86  Parameters for configuring 802.1X authentication globally

      Parameter

      Description

      Quiet timer

      Indicates whether to start the quiet timer.

      Maximum authentication failures before the switch quiets a user

      Indicates the maximum number of times that a user fails authentication before the quiet function is enabled. When the number of times that a user fails 802.1X authentication within 60s reaches the value set in Maximum authentication failures before the switch quiets a user, the device keeps the user quiet for a period of time.

      Quiet timer value (s)

      Indicates the quiet period. During the quiet period of an 802.1X authentication user, the device discards the 802.1X authentication request packets from the user.

    3. Click Apply.
    4. In the dialog box that is displayed, click OK.
  • Configure Portal authentication globally.
    1. Choose Configuration > Security Services > AAA and click the Advanced Settings tab, as shown in Figure 5-160.
    2. Set parameters in Portal Authentication Global Settings. Table 5-87 describes the parameters on this page.

      Table 5-87  Parameters for configuring Portal authentication globally

      Parameter

      Description

      Quiet timer

      Indicates whether to start the quiet timer.

      Maximum authentication failures before the switch quiets a user

      Indicates the maximum number of times that a user fails authentication before the quiet function is enabled. When the number of times that a user fails Portal authentication within 60s reaches the value set in Maximum authentication failures before the switch quiets a user, the device keeps the user quiet for a period of time.

      Quiet timer value (s)

      Indicates the quiet period. During the quiet period of a Portal authentication user, the device discards the Portal authentication request packets from the user.

      Port number in Portal packets

      Indicates the port number on which the device listens for Portal protocol packets.

      Transparent transmission of authentication information

      Indicates whether to enable transparent transmission of authentication information.

      Portal version

      Indicates the version of the Portal protocol.

      Upper alarm threshold percentage (%)

      Indicates the upper alarm threshold percentage of Portal authentication user quantity, which must be greater than or equal to Lower alarm threshold percentage.

      Lower alarm threshold percentage (%)

      Indicates the lower alarm threshold percentage of Portal authentication user quantity.

    3. Click Apply.
    4. In the dialog box that is displayed, click OK.
  • Configure MAC address authentication globally.
    1. Choose Configuration > Security Services > AAA and click the Advanced Settings tab, as shown in Figure 5-160.
    2. Set parameters in MAC Address Authentication Global Settings. Table 5-88 describes the parameters on this page.

      Table 5-88  Parameters for configuring MAC address authentication globally

      Parameter

      Description

      Maximum authentication failures before the switch quiets a user

      Indicates the maximum number of times that a user fails authentication before the quiet function is enabled. When the number of times that a user fails MAC address authentication within 60s reaches the value set in Maximum authentication failures before the switch quiets a user, the device keeps the user quiet for a period of time.

      Quiet timer value (s)

      Indicates the value of the quiet timer. When a user fails authentication, the device keeps the user quiet for a period before processing the authentication request from the user. During the quiet period, the device does not process authentication requests from the user.

    3. Click Apply.
    4. In the dialog box that is displayed, click OK.
  • Enable the CNA bypass function for iOS terminals.
    1. Choose Configuration > Security Services > AAA and click the Advanced Settings tab, as shown in Figure 5-160.
    2. Set Enable the CNA bypass function for iOS terminals in Others to ON.
    3. Click Apply.
    4. In the dialog box that is displayed, click OK.
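
How the quiet settings in Tables 5-86 to 5-88 bound the number of authentication attempts the device processes for one user can be modelled offline. The following Python code is an added example, not the device's implementation. It assumes a sliding 60s window and a failure counter that restarts after each quiet period, and it runs on constructed event timestamps.

```python
# Added example: model of the quiet function described in Tables 5-86 to 5-88.
# Assumptions (not stated on the page): the 60 s window slides, and the
# failure counter restarts once a quiet period has been triggered.
from collections import Counter, deque

WINDOW_S = 60  # counting window given in the parameter descriptions


def simulate_quiet(events, max_failures, quiet_s):
    """Classify the authentication attempts of ONE user.

    events: list of (timestamp_seconds, succeeded), sorted by timestamp.
    max_failures: "Maximum authentication failures before the switch
                  quiets a user".
    quiet_s: "Quiet timer value (s)".
    Returns a list of (timestamp, outcome); outcome is "accepted",
    "failed", or "discarded" (request arrived during the quiet period).
    """
    recent_failures = deque()
    quiet_until = None
    outcomes = []
    for ts, succeeded in events:
        # Requests received during the quiet period are dropped unseen,
        # including ones that would have carried valid credentials.
        if quiet_until is not None and ts < quiet_until:
            outcomes.append((ts, "discarded"))
            continue
        if succeeded:
            outcomes.append((ts, "accepted"))
            continue
        # Forget failures that have aged out of the 60 s window.
        while recent_failures and ts - recent_failures[0] >= WINDOW_S:
            recent_failures.popleft()
        recent_failures.append(ts)
        outcomes.append((ts, "failed"))
        if len(recent_failures) >= max_failures:
            quiet_until = ts + quiet_s
            recent_failures.clear()
    return outcomes


def summarize(outcomes):
    """Count how many attempts fell into each outcome."""
    return Counter(outcome for _, outcome in outcomes)


# Constructed input: one failed attempt every 5 s for 10 minutes.
FAST_FAILURES = [(t, False) for t in range(0, 600, 5)]
# Constructed input: one failed attempt every 40 s, which never puts
# three failures inside a single 60 s window.
SLOW_FAILURES = [(t, False) for t in range(0, 400, 40)]

if __name__ == "__main__":
    for label, events in (("every 5 s", FAST_FAILURES),
                          ("every 40 s", SLOW_FAILURES)):
        counts = summarize(simulate_quiet(events, max_failures=3, quiet_s=60))
        print(label, dict(counts))
```

The slow series shows what the threshold does not cover: attempts spaced so that the configured count is never reached within 60s are all processed, so the failure count should be sized with the expected retry behaviour of legitimate clients in mind.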

Free Mobility

Procedure

  1. Choose Configuration > Security Services > AAA and click the Free Mobility tab.
  2. Set Free mobility status to ON to open the Free Mobility page, as shown in Figure 5-161.

    Figure 5-161  Enable Free Mobility

    Table 5-89 describes the parameters on the page.
    Table 5-89  Parameters for enabling Free Mobility

    Item

    Description

    Free mobility status

    Enables Free mobility:
    • ON
    • OFF

    Controller server IP

    Configures an IP address for the primary controller.

    Backup controller server IP

    Configures an IP address for the backup controller.

    Connection password

    Configures the password used by the device to set up a connection with the controller.

    The value is a string of 8 to 32 characters.

    Confirm connection password

    Confirms the password used by the device to set up a connection with the controller.

    Source IP address

    Specifies the source IP address for communication between the switch and the controller.

  3. Configure the parameters.
  4. Click Apply.
  5. In the dialog box that is displayed, click OK.
Updated: 2019-10-17

Document ID: EDOC1000178323
