No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Security

AR500, AR510, AR531, AR550, AR1500, and AR2500 V200R010

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the network management feature supported by the device.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Default Settings for NAC

Default Settings for NAC

802.1X Access Profile

The system provides a predefined 802.1X access profile named dot1x_access_profile. Table 3-3 lists the default settings for an 802.1X access profile created on the device.

Table 3-3  Default settings for an 802.1X access profile

Parameter

Default Setting

Authentication mode of 802.1X users

EAP authentication

Actively initiating 802.1X authentication

Enabled

Handshake with online users

Disabled

Re-authentication for online 802.1X users

Disabled

Retransmissions count of authentication request packets

2

Client authentication timeout interval

5 seconds

Timeout interval of an authentication request

30 seconds

MAC Access Profile

The system provides a predefined MAC access profile named mac_access_profile. Table 3-4 lists the default settings for a MAC access profile created on the device.

Table 3-4  Default settings for a MAC access profile

Parameter

Default Setting

User name and password format for MAC address authentication

MAC addresses without hyphens (-)

Types of packets that can trigger MAC address authentication

DHCP, ARP, DHCPv6, and ND packets

Re-authentication for online MAC address authentication users

Disabled

Re-authentication interval for online MAC address authentication users

1800 seconds

Re-authentication for users upon receipt of DHCP lease renewal packets

Disabled

Portal Access Profile

The system provides a predefined Portal access profile named portal_access_profile. Table 3-5 lists the default settings for a Portal access profile created on the device.

Table 3-5  Default settings for a Portal access profile

Parameter

Default Setting

Portal server

Unspecified

Source network segment for Portal authentication

All network segments

User offline detection interval

300 seconds

Escape authorization (network access rights assigned to users when the access device detects that the Portal server is Down)

Unspecified
Re-authentication for users when the access device detects that the Portal server state changes from Down to Up Disabled

Authentication Profile

The system provides five predefined authentication profiles: default_authen_profile, dot1x_authen_profile, mac_authen_profile, portal_authen_profile, and dot1xmac_authen_profile. Table 3-6 lists the default settings for an authentication profile created on the device.

Table 3-6  Default settings for an authentication profile

Parameter

Default Setting

Access profile type and name

Unspecified

User access mode

multi-authen

Interval for re-authenticating users in pre-connection state

60 seconds

Translation
Download
Updated: 2019-05-20

Document ID: EDOC1100034236

Views: 94932

Downloads: 53

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next