S600-E V200R012C00 NETCONF YANG API Reference

This document describes the NETCONF YANG API functions supported by the switch, including the data model and samples.

NAC

This section describes the NAC configuration model and provides examples of packets.

Configuring an 802.1X Access Profile

This section describes the configuration model of the 802.1X access profile and provides examples of XML packets.

Data Model

The configuration model file matching the 802.1X access profile is huawei-nac-dot1x.yang.

Table 2-369  Data model

Object

Description

Value

Remarks

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile

Indicates that the request operation (creation or modification) object is an 802.1X access profile. This object is the root object. It is only used to contain sub-objects, but does not have any data meaning.

N/A

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/name

Indicates the name of the created 802.1X access profile.

The value is a string of 1 to 31 case-sensitive characters. It cannot be - or -- and cannot contain spaces or the following symbols: / \ : * ? " < > | @ ' %.

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/authentication-method

Indicates that an authentication mode is configured for 802.1X users.

Enumerated type:

  • chap: EAP termination authentication using the Challenge Handshake Authentication Protocol (CHAP)
  • pap: EAP termination authentication using the Password Authentication Protocol (PAP)
  • eap: relay authentication using the Extensible Authentication Protocol (EAP)

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/authorize-of-authentication-event

Indicates that network access rights are configured for users when the 802.1X client does not respond.

N/A

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/unicast-trigger

Indicates whether 802.1X authentication triggered by unicast packets is enabled.

Boolean type:

  • true: enabled
  • false: disabled

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/handshake/enable

Indicates whether handshake with online 802.1X authentication users is enabled.

Boolean type:

  • true: enabled
  • false: disabled

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/trigger-packet

Indicates the type of packets that can trigger 802.1X authentication.

The value is of the enumerated type:

  • dhcp
  • arp

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/handshake/period-eth-trunk

Indicates the interval at which the device handshakes with an 802.1X client on an Eth-Trunk interface.

The value is an integer in the range from 30 to 7200, in seconds.

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/handshake/period-non-eth-trunk

Indicates the interval at which the device handshakes with an 802.1X client on a non-Eth-Trunk interface.

The value is an integer in the range from 5 to 7200, in seconds.

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/handshake/packet-type

Indicates the type of 802.1X authentication handshake packets.

The value is of the enumerated type:

  • request-identity
  • srp-sha1-part2

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/retry-function/max-retry

Indicates the maximum number of times an authentication request is sent to an 802.1X user.

The value is an integer in the range from 1 to 10.

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/retry-function/client-time-out

Indicates the client authentication timeout interval.

The value is an integer in the range from 1 to 120, in seconds.

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/eap-notify-packet

Indicates whether to enable the device to send EAP packets with a code number to 802.1X users.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/port-control-function/mode

Indicates the authorization state of an interface.

The value is of the enumerated type:

  • auto: indicates the auto identification mode.
  • authorized-force: indicates the forcible authorization mode.
  • unauthorized-force: indicates the forcible unauthorized mode.

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/re-authenticate-function/re-authenticate-enable

Indicates whether to enable re-authentication for online 802.1X authentication users.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/re-authenticate-function/re-authenticate-period

Indicates the re-authentication interval for online 802.1X users.

The value is an integer in the range from 60 to 7200, in seconds.

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/dhcp-binding

Indicates whether to enable the device to automatically generate the DHCP snooping binding table.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A

/huawei-nac-dot1x:dot1x-access/quiet-function/enable

Indicates whether to enable the quiet function for 802.1X authentication users.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A

/huawei-nac-dot1x:dot1x-access/quiet-function/quiet-period

Indicates the quiet period for 802.1X authentication users who fail to be authenticated.

The value is an integer in the range from 1 to 3600, in seconds.

N/A

/huawei-nac-dot1x:dot1x-access/quiet-function/quiet-times

Indicates the maximum number of authentication failures within 60 seconds before the device quiets an 802.1X authentication user.

The value is an integer in the range from 1 to 10.

N/A

/huawei-nac-dot1x:dot1x-access/tx-period

Indicates the interval for sending authentication requests.

The value is an integer in the range from 1 to 120, in seconds.

N/A

/huawei-nac-dot1x:dot1x-access/url

Indicates the redirection URL for 802.1X authentication.

The value is a string of 1 to 200 case-sensitive characters without spaces or question marks (?). If the string is enclosed in double quotation marks (" "), the string can contain spaces.

N/A

/huawei-nac-dot1x:dot1x-access/multicast-trigger-function/enable

Indicates whether to enable the function of triggering 802.1X authentication through multicast packets.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A

/huawei-nac-dot1x:dot1x-access/multicast-trigger-function/port-up-enable

Indicates whether to enable the function of triggering 802.1X authentication through multicast packets immediately after an interface goes Up.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A

Creating an 802.1X Access Profile

This section provides a sample of creating an 802.1X access profile using the merge method. You can also use the create method to create an 802.1X access profile.

Table 2-370  Creating an 802.1X access profile

| Operation | XPATH |
|---|---|
| edit-config:merge | /huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/name |

Data Requirement

Table 2-371  Creating an 802.1X access profile

| Item | Data | Description |
|---|---|---|
| name | test | Create the 802.1X access profile test. |

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
   <dot1x-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac-dot1x">
    <dot1x-access-profile>
     <name>test</name>
    </dot1x-access-profile>
   </dot1x-access>
  </config>
 </edit-config>
</rpc> 
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <ok/>
</rpc-reply> 

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="3a8e485-35d2-499e-895c-e2d2d5f555a8">
  <rpc-error>
    <error-app-tag>1</error-app-tag>
    <error-message>Service process failed.</error-message>
    <error-info>Error on node /huawei-nac-dot1x:dot1x-access/dot1x-access-profile[name="testtesttesttesttesttesttesttesttest"]/name</error-info>
  </rpc-error>
</rpc-reply>
Configuring an Authentication Mode for 802.1X Users

This section provides a sample of configuring an authentication mode for 802.1X users using the merge method. You can also use the create method to configure an authentication mode for 802.1X users.

Table 2-372  Configuring an authentication mode for 802.1X users

| Operation | XPATH |
|---|---|
| edit-config:merge | /huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/authentication-method |

Data Requirement

Table 2-373  Configuring an authentication mode for 802.1X users

| Item | Data | Description |
|---|---|---|
| name | test | Set the authentication mode for 802.1X users to CHAP. The 802.1X access profile must exist on the switch. |
| authentication-method | chap |  |

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
   <dot1x-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac-dot1x">
    <dot1x-access-profile>
     <name>test</name>
     <authentication-method>chap</authentication-method>
    </dot1x-access-profile>
   </dot1x-access>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>parse rpc config error.</error-message>
  </rpc-error>
</rpc-reply>
Configuring Network Access Rights for Users When the 802.1X Client Does Not Respond

This section provides a sample of configuring network access rights for users when the 802.1X client does not respond using the merge method. You can also use the create method to configure network access rights for users when the 802.1X client does not respond.

Table 2-374  Configuring network access rights for users when the 802.1X client does not respond

| Operation | XPATH |
|---|---|
| edit-config:merge | /huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/authorize-of-authentication-event |

Data Requirement

Table 2-375  Configuring network access rights for users when the 802.1X client does not respond

| Item | Data | Description |
|---|---|---|
| name | test | Configure network access rights for users when the 802.1X client does not respond. The 802.1X access profile must exist on the switch. |
| authentication-event | client-no-response |  |
| vlan-id | 4000 |  |

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
   <dot1x-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac-dot1x">
    <dot1x-access-profile>
     <name>test</name>
     <authorize-of-authentication-event>
      <authentication-event>client-no-response</authentication-event>
      <vlan-id>4000</vlan-id>
     </authorize-of-authentication-event>
    </dot1x-access-profile>
   </dot1x-access>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>parse rpc config error.</error-message>
  </rpc-error>
</rpc-reply>
Enabling 802.1X Authentication Triggered by Unicast Packets

This section provides a sample of enabling 802.1X authentication triggered by unicast packets using the merge method. You can also use the create method to enable 802.1X authentication triggered by unicast packets.

Table 2-376  Enabling 802.1X authentication triggered by unicast packets

| Operation | XPATH |
|---|---|
| edit-config:merge | /huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/unicast-trigger |

Data Requirement

Table 2-377  Enabling 802.1X authentication triggered by unicast packets

| Item | Data | Description |
|---|---|---|
| name | test | Enable 802.1X authentication triggered by unicast packets. The 802.1X access profile must exist on the switch. |
| unicast-trigger | true |  |

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
   <dot1x-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac-dot1x">
    <dot1x-access-profile>
     <name>test</name>
     <unicast-trigger>true</unicast-trigger>
    </dot1x-access-profile>
   </dot1x-access>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>parse rpc config error.</error-message>
  </rpc-error>
</rpc-reply>
Enabling Handshake with Online 802.1X Authentication Users

This section provides a sample of enabling handshake with online 802.1X authentication users using the merge method. You can also use the create method to enable handshake with online 802.1X authentication users.

Table 2-378  Enabling handshake with online 802.1X authentication users

| Operation | XPATH |
|---|---|
| edit-config:merge | /huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/handshake |

Data Requirement

Table 2-379  Enabling handshake with online 802.1X authentication users

| Item | Data | Description |
|---|---|---|
| name | test | Enable handshake with online 802.1X authentication users. The 802.1X access profile must exist on the switch. |
| handshake | true |  |

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
   <dot1x-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac-dot1x">
    <dot1x-access-profile>
     <name>test</name>
     <handshake>
      <enable>true</enable>
     </handshake>
    </dot1x-access-profile>
   </dot1x-access>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>parse rpc config error.</error-message>
  </rpc-error>
</rpc-reply>
Configuring the Interval at Which the Device Handshakes with 802.1X Users

This section provides a sample of configuring the interval at which the device handshakes with 802.1X users using the merge method.

Table 2-380  Configuring the interval at which the device handshakes with 802.1X users

| Operation | XPATH |
|---|---|
| edit-config:merge | /huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/handshake/period-eth-trunk |
|  | /huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/handshake/period-non-eth-trunk |
|  | /huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/handshake/packet-type |

Data Requirements

Table 2-381  Configuring the interval at which the device handshakes with 802.1X users

| Item | Data | Description |
|---|---|---|
| name | test | Configure the 802.1X access profile named test. |
| period-eth-trunk | 51 | Set the interval at which the device handshakes with an 802.1X client on an Eth-Trunk interface to 51 seconds. |
| period-non-eth-trunk | 200 | Set the interval at which the device handshakes with an 802.1X client on a non-Eth-Trunk interface to 200 seconds. |
| packet-type | srp-sha1-part2 | Set the type of 802.1X authentication handshake packets to srp-sha1-part2. |

Request Example
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-dot1x:dot1x-access xmlns:hw-nac-dot1x="urn:huawei:params:xml:ns:yang:huawei-nac-dot1x">
        <hw-nac-dot1x:dot1x-access-profile xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
          <hw-nac-dot1x:name>test</hw-nac-dot1x:name>
          <hw-nac-dot1x:handshake>
            <hw-nac-dot1x:period-eth-trunk>51</hw-nac-dot1x:period-eth-trunk>
            <hw-nac-dot1x:period-non-eth-trunk>200</hw-nac-dot1x:period-non-eth-trunk>
            <hw-nac-dot1x:packet-type>srp-sha1-part2</hw-nac-dot1x:packet-type>
          </hw-nac-dot1x:handshake>
        </hw-nac-dot1x:dot1x-access-profile>
      </hw-nac-dot1x:dot1x-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="20">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-dot1x:dot1x-access/dot1x-access-profile[name='hu']/handshake/period-eth-trunk</error-path>
    <error-message>parse rpc config error.(Value "15" does not satisfy the constraint "30..7200" (range, length, or pattern).).</error-message>
  </rpc-error>
</rpc-reply>
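
The following is an added example, not part of Huawei's documentation: a Python pre-flight check that applies the value constraints from the data model table to a subset of leaves (handshake, retry, port control, re-authentication), builds the edit-config request only if they pass, and extracts error-path and error-message from a reply. The function and constant names are assumptions of this example; FAILED_REPLY is the failed response shown above.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
HW = "urn:huawei:params:xml:ns:yang:huawei-nac-dot1x"
ET.register_namespace("nc", NC)
ET.register_namespace("hw-nac-dot1x", HW)

# (container, leaf) -> constraint, copied from the data model table on this page.
RANGES = {
    ("handshake", "period-eth-trunk"): (30, 7200),
    ("handshake", "period-non-eth-trunk"): (5, 7200),
    ("retry-function", "max-retry"): (1, 10),
    ("retry-function", "client-time-out"): (1, 120),
    ("re-authenticate-function", "re-authenticate-period"): (60, 7200),
}
ENUMS = {
    ("handshake", "packet-type"): {"request-identity", "srp-sha1-part2"},
    ("port-control-function", "mode"): {"auto", "authorized-force", "unauthorized-force"},
}
BOOLS = {
    ("handshake", "enable"),
    ("re-authenticate-function", "re-authenticate-enable"),
}
NAME_FORBIDDEN = set(' /\\:*?"<>|@\'%')

# Failed response copied from the handshake-interval sample on this page.
FAILED_REPLY = """<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="20">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-dot1x:dot1x-access/dot1x-access-profile[name='hu']/handshake/period-eth-trunk</error-path>
    <error-message>parse rpc config error.(Value "15" does not satisfy the constraint "30..7200" (range, length, or pattern).).</error-message>
  </rpc-error>
</rpc-reply>"""


def validate(name, settings):
    """Return a list of constraint violations; an empty list means the input passes."""
    errors = []
    if not 1 <= len(name) <= 31 or name in ("-", "--") or NAME_FORBIDDEN & set(name):
        errors.append(f"name: {name!r} violates the profile name rules")
    for key, value in settings.items():
        path = "/".join(key)
        if key in RANGES:
            lo, hi = RANGES[key]
            # bool is a subclass of int in Python, so reject it explicitly.
            if isinstance(value, bool) or not isinstance(value, int) or not lo <= value <= hi:
                errors.append(f"{path}: {value!r} not in {lo}..{hi}")
        elif key in ENUMS:
            if value not in ENUMS[key]:
                errors.append(f"{path}: invalid value {value!r}")
        elif key in BOOLS:
            if not isinstance(value, bool):
                errors.append(f"{path}: {value!r} is not a boolean")
        else:
            errors.append(f"{path}: leaf not covered by this example")
    return errors


def build_edit_config(name, settings, message_id="0"):
    """Build the <rpc> for a merge into <running>; raise ValueError on bad input."""
    errors = validate(name, settings)
    if errors:
        raise ValueError("; ".join(errors))
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": message_id})
    edit = ET.SubElement(rpc, f"{{{NC}}}edit-config")
    ET.SubElement(ET.SubElement(edit, f"{{{NC}}}target"), f"{{{NC}}}running")
    ET.SubElement(edit, f"{{{NC}}}error-option").text = "rollback-on-error"
    config = ET.SubElement(edit, f"{{{NC}}}config")
    access = ET.SubElement(config, f"{{{HW}}}dot1x-access")
    profile = ET.SubElement(access, f"{{{HW}}}dot1x-access-profile")
    ET.SubElement(profile, f"{{{HW}}}name").text = name
    containers = {}
    for (container, leaf), value in settings.items():
        if container not in containers:
            containers[container] = ET.SubElement(profile, f"{{{HW}}}{container}")
        # Booleans go on the wire as true/false; the samples on this page show "1" rejected.
        text = str(value).lower() if isinstance(value, bool) else str(value)
        ET.SubElement(containers[container], f"{{{HW}}}{leaf}").text = text
    return ET.tostring(rpc, encoding="unicode")


def parse_reply(xml_text):
    """Return (ok, [(error-path, error-message), ...]) for an <rpc-reply>."""
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    errors = [
        (err.findtext(f"{{{NC}}}error-path", default=""),
         err.findtext(f"{{{NC}}}error-message", default=""))
        for err in root.iter(f"{{{NC}}}rpc-error")
    ]
    ok = root.find(f"{{{NC}}}ok") is not None and not errors
    return ok, errors


if __name__ == "__main__":
    print(validate("hu", {("handshake", "period-eth-trunk"): 15}))
    print(build_edit_config("test", {("handshake", "period-eth-trunk"): 51}))
    print(parse_reply(FAILED_REPLY))
```

Running the validation before sending keeps out-of-range values from reaching the switch, and treating any reply without `<ok/>` as a failure avoids assuming a NAC change was applied when it was not.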
Configuring the Type of Packets that Can Trigger 802.1X Authentication

This section provides a sample of configuring the type of packets that can trigger 802.1X authentication using the merge method.

Table 2-382  Configuring the type of packets that can trigger 802.1X authentication

| Operation | XPATH |
|---|---|
| edit-config:merge | /huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/trigger-packet |

Data Requirements

Table 2-383  Configuring the type of packets that can trigger 802.1X authentication

| Item | Data | Description |
|---|---|---|
| name | test | Configure the 802.1X access profile named test. |
| trigger-packet | dhcp, arp | Configure the device to use DHCP and ARP packets to trigger 802.1X authentication. |

Request Example
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-dot1x:dot1x-access xmlns:hw-nac-dot1x="urn:huawei:params:xml:ns:yang:huawei-nac-dot1x">
        <hw-nac-dot1x:dot1x-access-profile xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
          <hw-nac-dot1x:name>test</hw-nac-dot1x:name>
          <hw-nac-dot1x:trigger-packet>arp</hw-nac-dot1x:trigger-packet>
          <hw-nac-dot1x:trigger-packet>dhcp</hw-nac-dot1x:trigger-packet>
        </hw-nac-dot1x:dot1x-access-profile>
      </hw-nac-dot1x:dot1x-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="20">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-dot1x:dot1x-access/dot1x-access-profile[name='hu']/handshake/packet-type</error-path>
    <error-message>parse rpc config error.(Invalid value "request" in "packet-type" element.).</error-message>
  </rpc-error>
</rpc-reply>
Configuring the Authentication Timeout Timer for 802.1X Clients

This section provides a sample of configuring the authentication timeout timer for 802.1X clients using the merge method.

Table 2-384  Configuring the authentication timeout timer for 802.1X clients

| Operation | XPATH |
|---|---|
| edit-config:merge | /huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/retry-function/client-time-out |
|  | /huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/retry-function/max-retry |

Data Requirements

Table 2-385  Configuring the authentication timeout timer for 802.1X clients

| Item | Data | Description |
|---|---|---|
| name | test | Configure the 802.1X access profile named test. |
| client-time-out | 8 | Set the client authentication timeout interval to 8 seconds. |
| max-retry | 3 | Set the number of times an authentication request packet is retransmitted to an 802.1X user to 3. |

Request Example
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-dot1x:dot1x-access xmlns:hw-nac-dot1x="urn:huawei:params:xml:ns:yang:huawei-nac-dot1x">
        <hw-nac-dot1x:dot1x-access-profile xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
          <hw-nac-dot1x:name>test</hw-nac-dot1x:name>
          <hw-nac-dot1x:retry-function>
            <hw-nac-dot1x:client-time-out>8</hw-nac-dot1x:client-time-out>
            <hw-nac-dot1x:max-retry>3</hw-nac-dot1x:max-retry>
          </hw-nac-dot1x:retry-function>
        </hw-nac-dot1x:dot1x-access-profile>
      </hw-nac-dot1x:dot1x-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="6">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-dot1x:dot1x-access/dot1x-access-profile[name='hufeng']/retry-function/client-time-out</error-path>
    <error-message>parse rpc config error.(Value "121" does not satisfy the constraint "1..120" (range, length, or pattern).).</error-message>
  </rpc-error>
</rpc-reply>
Configuring the Device to Send EAP Packets with a Code Number to 802.1X Users

This section provides a sample of configuring the device to send EAP packets with a code number to 802.1X users using the merge method.

Table 2-386  Configuring the device to send EAP packets with a code number to 802.1X users

| Operation | XPATH |
|---|---|
| edit-config:merge | /huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/eap-notify-packet |

Data Requirements

Table 2-387  Configuring the device to send EAP packets with a code number to 802.1X users

| Item | Data | Description |
|---|---|---|
| name | test | Configure the 802.1X access profile named test. |
| eap-code | 10 | Set the code number in EAP packets sent to users to 10. |
| data-type | 12 | Set the data type in EAP packets sent to users to 12. |

Request Example
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-dot1x:dot1x-access xmlns:hw-nac-dot1x="urn:huawei:params:xml:ns:yang:huawei-nac-dot1x">
        <hw-nac-dot1x:dot1x-access-profile xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
          <hw-nac-dot1x:name>test</hw-nac-dot1x:name>
          <hw-nac-dot1x:eap-notify-packet>
            <hw-nac-dot1x:eap-code>10</hw-nac-dot1x:eap-code>
            <hw-nac-dot1x:data-type>12</hw-nac-dot1x:data-type>
          </hw-nac-dot1x:eap-notify-packet>
        </hw-nac-dot1x:dot1x-access-profile>
      </hw-nac-dot1x:dot1x-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="12">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-dot1x:dot1x-access/dot1x-access-profile[name='hu']/eap-notify-packet/eap-code</error-path>
    <error-message>parse rpc config error.(Value "4" does not satisfy the constraint "5..255" (range, length, or pattern).).</error-message>
  </rpc-error>
</rpc-reply>
Configuring the Authorization State of an Interface

This section provides a sample of configuring the authorization state of an interface using the merge method.

Table 2-388  Configuring the authorization state of an interface

| Operation | XPATH |
|---|---|
| edit-config:merge | /huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/port-control-function/mode |

Data Requirements

Table 2-389  Configuring the authorization state of an interface

| Item | Data | Description |
|---|---|---|
| name | test | Configure the 802.1X access profile named test. |
| mode | unauthorized-force | Configure the authorization state of an interface to forcible unauthorized mode. |

Request Example
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-dot1x:dot1x-access xmlns:hw-nac-dot1x="urn:huawei:params:xml:ns:yang:huawei-nac-dot1x">
        <hw-nac-dot1x:dot1x-access-profile xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
          <hw-nac-dot1x:name>test</hw-nac-dot1x:name>
          <hw-nac-dot1x:port-control-function>
            <hw-nac-dot1x:mode>unauthorized-force</hw-nac-dot1x:mode>
          </hw-nac-dot1x:port-control-function>
        </hw-nac-dot1x:dot1x-access-profile>
      </hw-nac-dot1x:dot1x-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="8">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-dot1x:dot1x-access/dot1x-access-profile[name='hu']/port-control-function/mode</error-path>
    <error-message>parse rpc config error.(Invalid value "authorized" in "mode" element.).</error-message>
  </rpc-error>
</rpc-reply>
Configuring Re-authentication for Online 802.1X Authentication Users

This section provides a sample of configuring re-authentication for online 802.1X authentication users using the merge method.

Table 2-390  Configuring re-authentication for online 802.1X authentication users

| Operation | XPATH |
|---|---|
| edit-config:merge | /huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/re-authenticate-function/re-authenticate-enable |
|  | /huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/re-authenticate-function/re-authenticate-period |

Data Requirements

Table 2-391  Configuring re-authentication for online 802.1X authentication users

| Item | Data | Description |
|---|---|---|
| name | d1 | Configure the 802.1X access profile named d1. |
| re-authenticate-enable | true | Configure re-authentication for online 802.1X users. |
| re-authenticate-period | 70 | Set the re-authentication interval for online 802.1X users to 70 seconds. |

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-dot1x:dot1x-access xmlns:hw-nac-dot1x="urn:huawei:params:xml:ns:yang:huawei-nac-dot1x">
        <hw-nac-dot1x:dot1x-access-profile>
          <hw-nac-dot1x:name>d1</hw-nac-dot1x:name>
          <hw-nac-dot1x:re-authenticate-function>
            <hw-nac-dot1x:re-authenticate-enable>true</hw-nac-dot1x:re-authenticate-enable>
            <hw-nac-dot1x:re-authenticate-period>70</hw-nac-dot1x:re-authenticate-period>
          </hw-nac-dot1x:re-authenticate-function>
        </hw-nac-dot1x:dot1x-access-profile>
      </hw-nac-dot1x:dot1x-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="15">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-dot1x:dot1x-access/dot1x-access-profile[name='d1']/re-authenticate-function/re-authenticate-enable</error-path>
    <error-message>parse rpc config error.(Invalid value "1" in "re-authenticate-enable" element.).</error-message>
  </rpc-error>
</rpc-reply>
Configuring the Device to Automatically Generate the DHCP Snooping Binding Table for Static IP Users

This section provides a sample of configuring the device to automatically generate the DHCP snooping binding table for static IP users using the merge method.

Table 2-392  Configuring the device to automatically generate the DHCP snooping binding table for static IP users

| Operation | XPATH |
|---|---|
| edit-config:merge | /huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/dhcp-binding |

Data Requirements

Table 2-393  Configuring the device to automatically generate the DHCP snooping binding table for static IP users

| Item | Data | Description |
|---|---|---|
| name | d1 | Configure the 802.1X access profile named d1. |
| dhcp-binding | true | Configure the device to automatically generate the DHCP snooping binding table for static IP users. |

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-dot1x:dot1x-access xmlns:hw-nac-dot1x="urn:huawei:params:xml:ns:yang:huawei-nac-dot1x">
        <hw-nac-dot1x:dot1x-access-profile>
          <hw-nac-dot1x:name>d1</hw-nac-dot1x:name>
          <hw-nac-dot1x:dhcp-binding>true</hw-nac-dot1x:dhcp-binding>
        </hw-nac-dot1x:dot1x-access-profile>
      </hw-nac-dot1x:dot1x-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="12">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-dot1x:dot1x-access/dot1x-access-profile[name='d1']/dhcp-binding</error-path>
    <error-message>parse rpc config error.(Invalid value "1" in "dhcp-binding" element.).</error-message>
  </rpc-error>
</rpc-reply>
Configuring the Quiet Function for 802.1X Authentication Users

This section provides a sample of configuring the quiet function for 802.1X authentication users using the merge method.

Table 2-394  Configuring the quiet function for 802.1X authentication users

Operation

XPATH

edit-config:merge

/huawei-nac-dot1x:dot1x-access/quiet-function/enable

/huawei-nac-dot1x:dot1x-access/quiet-function/quiet-period

/huawei-nac-dot1x:dot1x-access/quiet-function/quiet-times

Data Requirements
Table 2-395  Configuring the quiet function for 802.1X authentication users

Item

Data

Description

enable

true

Configure the quiet function for 802.1X authentication users.

quiet-period

40

Set the quiet period for 802.1X authentication users to 40 seconds.

quiet-times

8

Set the maximum number of authentication failures within 60 seconds before the device quiets an 802.1X authentication user to 8.

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-dot1x:dot1x-access xmlns:hw-nac-dot1x="urn:huawei:params:xml:ns:yang:huawei-nac-dot1x">
        <hw-nac-dot1x:quiet-function>
          <hw-nac-dot1x:enable>true</hw-nac-dot1x:enable>
          <hw-nac-dot1x:quiet-period>40</hw-nac-dot1x:quiet-period>
          <hw-nac-dot1x:quiet-times>8</hw-nac-dot1x:quiet-times>
        </hw-nac-dot1x:quiet-function>
      </hw-nac-dot1x:dot1x-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="11">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-dot1x:dot1x-access/quiet-function/enable</error-path>
    <error-message>parse rpc config error.(Invalid value "1" in "enable" element.).</error-message>
  </rpc-error>
</rpc-reply>
Configuring the Interval for Sending 802.1X Authentication Request Packets

This section provides a sample of configuring the interval for sending 802.1X authentication request packets using the merge method.

Table 2-396  Configuring the interval for sending 802.1X authentication request packets

Operation

XPATH

edit-config:merge

/huawei-nac-dot1x:dot1x-access/tx-period

Data Requirements
Table 2-397  Configuring the interval for sending 802.1X authentication request packets

Item

Data

Description

tx-period

40

Set the interval for sending 802.1X authentication request packets to 40 seconds.

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-dot1x:dot1x-access xmlns:hw-nac-dot1x="urn:huawei:params:xml:ns:yang:huawei-nac-dot1x">
        <hw-nac-dot1x:tx-period>40</hw-nac-dot1x:tx-period>
      </hw-nac-dot1x:dot1x-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="20">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-dot1x:dot1x-access/quiet-function/quiet-times</error-path>
    <error-message>parse rpc config error.(Value "121" does not satisfy the constraint "1..10" (range, length, or pattern).).</error-message>
  </rpc-error>
</rpc-reply>
Configuring the URL Redirection for 802.1X Authentication

This section provides a sample of configuring the URL redirection for 802.1X authentication using the merge method.

Table 2-398  Configuring the URL redirection for 802.1X authentication

Operation

XPATH

edit-config:merge

/huawei-nac-dot1x:dot1x-access/url

Data Requirements
Table 2-399  Configuring the URL redirection for 802.1X authentication

Item

Data

Description

url

http://www.123.com.cn

Configure the URL redirection.

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-dot1x:dot1x-access xmlns:hw-nac-dot1x="urn:huawei:params:xml:ns:yang:huawei-nac-dot1x">
        <hw-nac-dot1x:url>http://www.123.com.cn</hw-nac-dot1x:url>
      </hw-nac-dot1x:dot1x-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="7">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Wrong parameter.</error-message>
    <error-info>Error on node /huawei-nac-dot1x:dot1x-access/url</error-info>
  </rpc-error>
</rpc-reply>
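The failed responses above come in two shapes: one carries error-type, error-tag, error-severity and error-path, the other only error-app-tag, error-message and an error-info string that names the node. The following added example (not part of the original reference) parses both shapes into one result so that automation does not treat an unrecognized error layout as success. The names parse_rpc_reply, RpcError and RpcResult are this example's own, and the embedded replies are copied from the samples on this page.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Optional

NC = "{urn:ietf:params:xml:ns:netconf:base:1.0}"
NODE_PREFIX = "Error on node "  # wording used in this page's <error-info> samples


@dataclass
class RpcError:
    shape: str                  # "standard" (error-tag present) or "app-tag"
    message: Optional[str]
    node: Optional[str]         # data node the device blamed, if it named one
    tag: Optional[str] = None
    app_tag: Optional[str] = None
    severity: Optional[str] = None


@dataclass
class RpcResult:
    message_id: Optional[str]
    ok: bool
    errors: List[RpcError] = field(default_factory=list)


def _child_text(parent, name):
    el = parent.find(NC + name)
    return el.text.strip() if el is not None and el.text else None


def parse_rpc_reply(xml_text: str, expected_message_id: Optional[str] = None) -> RpcResult:
    """Parse an <rpc-reply>; ok is True only for <ok/> with no <rpc-error>."""
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("rpc-reply with a DTD refused")  # a reply never needs one
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    if root.tag != NC + "rpc-reply":
        raise ValueError(f"not an rpc-reply: {root.tag}")
    message_id = root.get("message-id")
    # A reply echoes the message-id of the request it answers (RFC 6241).
    if expected_message_id is not None and message_id != expected_message_id:
        raise ValueError(f"message-id {message_id!r} does not match {expected_message_id!r}")
    errors = []
    for err in root.iter(NC + "rpc-error"):
        tag = _child_text(err, "error-tag")
        node = _child_text(err, "error-path")
        info = _child_text(err, "error-info")
        if node is None and info and info.startswith(NODE_PREFIX):
            node = info[len(NODE_PREFIX):]
        errors.append(RpcError(
            shape="standard" if tag else "app-tag",
            message=_child_text(err, "error-message"),
            node=node, tag=tag,
            app_tag=_child_text(err, "error-app-tag"),
            severity=_child_text(err, "error-severity"),
        ))
    # Neither <ok/> nor <rpc-error>: not a confirmed edit-config, so ok stays False.
    ok = root.find(NC + "ok") is not None and not errors
    return RpcResult(message_id, ok, errors)


# Replies copied from the samples on this page.
OK_REPLY = """
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>"""

RANGE_ERROR = """<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="20">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-dot1x:dot1x-access/quiet-function/quiet-times</error-path>
    <error-message>parse rpc config error.(Value "121" does not satisfy the constraint "1..10" (range, length, or pattern).).</error-message>
  </rpc-error>
</rpc-reply>"""

PARAM_ERROR = """<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="7">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Wrong parameter.</error-message>
    <error-info>Error on node /huawei-nac-dot1x:dot1x-access/url</error-info>
  </rpc-error>
</rpc-reply>"""

if __name__ == "__main__":
    for sample in (OK_REPLY, RANGE_ERROR, PARAM_ERROR):
        print(parse_rpc_reply(sample))
```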
Configuring the Function of Triggering 802.1X Authentication Through Multicast Packets

This section provides a sample of configuring the function of triggering 802.1X authentication through multicast packets using the merge method.

Table 2-400  Configuring the function of triggering 802.1X authentication through multicast packets

Operation

XPATH

edit-config:merge

/huawei-nac-dot1x:dot1x-access/multicast-trigger-function/enable

Data Requirements
Table 2-401  Configuring the function of triggering 802.1X authentication through multicast packets

Item

Data

Description

enable

true

Configure the function of triggering 802.1X authentication through multicast packets.

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-dot1x:dot1x-access xmlns:hw-nac-dot1x="urn:huawei:params:xml:ns:yang:huawei-nac-dot1x">
        <hw-nac-dot1x:multicast-trigger-function>
          <hw-nac-dot1x:enable>true</hw-nac-dot1x:enable>
        </hw-nac-dot1x:multicast-trigger-function>
      </hw-nac-dot1x:dot1x-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="9">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-dot1x:dot1x-access/multicast-trigger-function/enable</error-path>
    <error-message>parse rpc config error.(Invalid value "1" in "enable" element.).</error-message>
  </rpc-error>
</rpc-reply>
Enabling the Function of Triggering 802.1X Authentication Through Multicast Packets Immediately After an Interface Goes Up

This section provides a sample of enabling the function of triggering 802.1X authentication through multicast packets immediately after an interface goes Up using the merge method.

Table 2-402  Enabling the function of triggering 802.1X authentication through multicast packets immediately after an interface goes Up

Operation

XPATH

edit-config:merge

/huawei-nac-dot1x:dot1x-access/multicast-trigger-function/port-up-enable

Data Requirements
Table 2-403  Enabling the function of triggering 802.1X authentication through multicast packets immediately after an interface goes Up

Item

Data

Description

port-up-enable

true

Enable the function of triggering 802.1X authentication through multicast packets immediately after an interface goes Up.

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-dot1x:dot1x-access xmlns:hw-nac-dot1x="urn:huawei:params:xml:ns:yang:huawei-nac-dot1x">
        <hw-nac-dot1x:multicast-trigger-function>
          <hw-nac-dot1x:port-up-enable>true</hw-nac-dot1x:port-up-enable>
        </hw-nac-dot1x:multicast-trigger-function>
      </hw-nac-dot1x:dot1x-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="12">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-dot1x:dot1x-access/multicast-trigger-function/port-up-enable</error-path>
    <error-message>parse rpc config error.(Invalid value "1" in "port-up-enable" element.).</error-message>
  </rpc-error>
</rpc-reply>

Configuring a MAC Access Profile

This section describes the configuration model of MAC access profile and provides examples of XML packets.

Data Model

The configuration model file matching the MAC access profile is huawei-nac-mac.yang.

Table 2-404  Data model

Object

Description

Value

Remarks

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile

Indicates that the object of a request operation (create or modify) is a MAC access profile. It is a root object, which is only used to contain sub-objects and does not have any data meaning.

N/A

N/A

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/name

Indicates the name of the created MAC access profile.

The value is a string of 1 to 31 case-sensitive characters. It cannot be - or -- and cannot contain spaces or the following special characters: / \ : * ? " < > | @ ' %.

N/A

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/password

Specifies the password for a MAC address authentication user and displays the password in cipher text.

The value is a string of case-sensitive characters without spaces. The password is either a plain-text string of 1 to 128 characters or a cipher-text string of 48 to 188 characters.

N/A

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/user-name-format/fixed-format/user-name

Configures a fixed user name for MAC address authentication.

The value is a string of 1 to 64 case-sensitive characters without spaces.

N/A

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/user-name-format/mac-address/mac-address-format

Indicates the format of a MAC address.

The value is of the enumerated type:

  • with-hyphen: indicates that the MAC address contains hyphens (-), for example, 0005-e01c-02e3.
  • with-hyphen-normal: indicates that the MAC address contains hyphens (-), for example, 00-05-e0-1c-02-e3.
  • without-hyphen: indicates that the MAC address does not contain hyphens (-), for example, 0005e01c02e3.

N/A

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/user-name-format/mac-address/letter

Configures a MAC address in uppercase or lowercase format as the user name for MAC address authentication.

The value is of the enumerated type:

  • uppercase: indicates that the MAC address is in uppercase format.
  • lowercase: indicates that the MAC address is in lowercase format.

N/A

/huawei-nac-mac:mac-access/quiet-function/quiet-period

Configures the quiet period for MAC address authentication users who fail to be authenticated.

The value is an integer in the range from 0 to 3600, in seconds.

N/A

/huawei-nac-mac:mac-access/quiet-function/quiet-times

Configures the maximum number of authentication failures within 60 seconds before the device quiets a MAC address authentication user.

The value is an integer in the range from 1 to 10.

N/A

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/dhcp-option-format

Specifies the DHCP option to use as the user name for MAC address authentication.

The value is of the enumerated type:

  • circuit-id: specifies the circuit ID in DHCP Option 82 as the user name in MAC address authentication.
  • remote-id: specifies the remote ID in DHCP Option 82 as the user name in MAC address authentication.

N/A

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/get-dhcp-option

Configures the device to send DHCP option information to the authentication server when triggering MAC address authentication through DHCP packets.

The value is an integer. In the current version, the value is fixed as 82.

N/A

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/mac-re-authenticate/re-authenticate-dhcp-renew

Indicates whether to enable the device to re-authenticate the users when receiving DHCP lease renewal packets from MAC address authentication users.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/off-line-dhcp-release

Indicates whether to enable the device to clear user entries when receiving DHCP release packets from MAC address authentication users.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/permit-mac/permit-mac-authenticate/mac

Indicates a source MAC address segment allowed for MAC address authentication.

The value is in the format of H-H-H, in which H is a hexadecimal number of 1 to 4 digits.

N/A

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/permit-mac/permit-mac-authenticate/prefix-length

Indicates the mask of a source MAC address segment allowed for MAC address authentication.

The value is an integer in the range from 1 to 48.

N/A

Creating a MAC Access Profile

This section provides a sample of creating a MAC access profile using the merge method. You can also use the create method to create a MAC access profile.

Table 2-405  Creating a MAC access profile

Operation

XPATH

edit-config:merge

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/name

Data Requirement
Table 2-406  Creating a MAC access profile

Item

Data

Description

name

test

Create the MAC access profile test.

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
   <mac-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac-mac">
    <mac-access-profile>
     <name>test</name>
    </mac-access-profile>
   </mac-access>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>invalid mac-access-profile name</error-message>
    <error-info>Error on node /huawei-nac-mac:mac-access/mac-access-profile[name="mactestmactestmactestmactestmactest"]/name</error-info>
  </rpc-error>
</rpc-reply>
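The failed response above is the device rejecting a 35-character profile name, and other samples on this page reject "1" where a Boolean is expected. The following added example (not part of the original reference) checks MAC access profile values against the constraints in the data model table before anything is sent, then builds the edit-config in the same layout as the request samples, with the choice and case segments of the XPath (configure-mode, unified-mode, user-name-format) left out of the payload as they are in those samples. The function names check_profile and build_edit_config and the dictionary input are this example's own.

```python
import xml.etree.ElementTree as ET

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
MAC_NS = "urn:huawei:params:xml:ns:yang:huawei-nac-mac"

# Space plus the symbols the data model forbids in a profile name.
NAME_FORBIDDEN = set(' /\\:*?"<>|@\'%')
MAC_ADDRESS_FORMATS = ("with-hyphen", "with-hyphen-normal", "without-hyphen")
LETTERS = ("uppercase", "lowercase")


def check_profile(profile):
    """Return a list of data-model violations; an empty list means the values pass."""
    problems = []
    name = profile.get("name")
    if not isinstance(name, str) or not 1 <= len(name) <= 31:
        problems.append("name: must be a string of 1 to 31 characters")
    elif name in ("-", "--"):
        problems.append("name: cannot be - or --")
    elif NAME_FORBIDDEN & set(name):
        bad = "".join(sorted(NAME_FORBIDDEN & set(name)))
        problems.append(f"name: contains forbidden characters {bad!r}")

    user_name = profile.get("user-name")
    if user_name is not None and (
        not isinstance(user_name, str)
        or not 1 <= len(user_name) <= 64
        or " " in user_name
    ):
        problems.append("user-name: must be 1 to 64 characters without spaces")

    for leaf, allowed in (("mac-address-format", MAC_ADDRESS_FORMATS),
                          ("letter", LETTERS)):
        value = profile.get(leaf)
        if value is not None and value not in allowed:
            problems.append(f"{leaf}: {value!r} is not one of {', '.join(allowed)}")

    renew = profile.get("re-authenticate-dhcp-renew")
    if renew is not None and not isinstance(renew, bool):
        # The device accepts only the lexical forms true and false, not 1 or 0.
        problems.append("re-authenticate-dhcp-renew: must be a Boolean, sent as true or false")
    return problems


def build_edit_config(profile, message_id):
    """Validate, then serialise an edit-config for one MAC access profile.

    message_id must be a string. ElementTree escapes all text, so a value can
    never break out of its element even if validation is changed later.
    """
    problems = check_profile(profile)
    if problems:
        raise ValueError("; ".join(problems))
    rpc = ET.Element("rpc", {"xmlns": NC_NS, "message-id": message_id})
    edit = ET.SubElement(rpc, "edit-config")
    ET.SubElement(ET.SubElement(edit, "target"), "running")
    ET.SubElement(edit, "error-option").text = "rollback-on-error"
    config = ET.SubElement(edit, "config")
    access = ET.SubElement(config, "mac-access", {"xmlns": MAC_NS})
    prof = ET.SubElement(access, "mac-access-profile")
    for leaf in ("name", "user-name", "mac-address-format", "letter"):
        if profile.get(leaf) is not None:
            ET.SubElement(prof, leaf).text = profile[leaf]
    if profile.get("re-authenticate-dhcp-renew") is not None:
        reauth = ET.SubElement(prof, "mac-re-authenticate")
        ET.SubElement(reauth, "re-authenticate-dhcp-renew").text = (
            "true" if profile["re-authenticate-dhcp-renew"] else "false"
        )
    return ET.tostring(rpc, encoding="unicode")


if __name__ == "__main__":
    # Constructed input: the profile name and formats used in this page's samples.
    print(build_edit_config(
        {"name": "test", "mac-address-format": "with-hyphen-normal", "letter": "uppercase"},
        "101",
    ))
    # The name from the failed response above is 35 characters long.
    print(check_profile({"name": "mactestmactestmactestmactestmactest"}))
```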
Configuring Passwords in Cipher Text for MAC Address Authentication

This section provides a sample of configuring passwords in cipher text for MAC address authentication using the merge method. You can also use the create method to configure passwords in cipher text for MAC address authentication.

Table 2-407  Configuring passwords in cipher text for MAC address authentication

Operation

XPATH

edit-config:merge

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/password

Data Requirement
Table 2-408  Configuring passwords in cipher text for MAC address authentication

Item

Data

Description

name

test

Configure passwords in cipher text for MAC address authentication.

The MAC access profile must exist on the switch.

mac-address-format

with-hyphen-normal

letter

uppercase

password

huawei@123

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
   <mac-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac-mac">
    <mac-access-profile>
     <name>test</name>
     <mac-address-format>with-hyphen-normal</mac-address-format>
     <letter>uppercase</letter>
     <password>huawei@123</password>
    </mac-access-profile>
   </mac-access>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="11">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>CMD is incomplete, para fixed or macaddress must have one.</error-message>
    <error-info>Error on node /huawei-nac-mac:mac-access/mac-access-profile[name="mactest"]/letter</error-info>
  </rpc-error>
</rpc-reply>
Configuring Fixed User Names for MAC Address Authentication

This section provides a sample of configuring fixed user names for MAC address authentication using the merge method. You can also use the create method to configure fixed user names for MAC address authentication.

Table 2-409  Configuring fixed user names for MAC address authentication

Operation

XPATH

edit-config:merge

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/user-name-format/fixed-format/user-name

Data Requirement
Table 2-410  Configuring fixed user names for MAC address authentication

Item

Data

Description

name

test

Configure fixed user names for MAC address authentication.

The MAC access profile must exist on the switch.

user-name

huawei

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
   <mac-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac-mac">
    <mac-access-profile>
     <name>test</name>
     <user-name>huawei</user-name>
    </mac-access-profile>
   </mac-access>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="12">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>CMD is incomplete, para fixed or macaddress must have one.</error-message>
    <error-info>Error on node /huawei-nac-mac:mac-access/mac-access-profile[name="mactest"]/user-name</error-info>
  </rpc-error>
</rpc-reply>
Configuring MAC Addresses as User Names for MAC Address Authentication

This section provides a sample of configuring MAC addresses as user names for MAC address authentication using the merge method. You can also use the create method to configure MAC addresses as user names for MAC address authentication.

Table 2-411  Configuring MAC addresses as user names for MAC address authentication

Operation

XPATH

edit-config:merge

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/user-name-format/mac-address/mac-address-format

Data Requirement
Table 2-412  Configuring MAC addresses as user names for MAC address authentication

Item

Data

Description

name

test

Configure MAC addresses as user names for MAC address authentication.

The MAC access profile must exist on the switch.

mac-address-format

with-hyphen-normal

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
   <mac-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac-mac">
    <mac-access-profile>
     <name>test</name>
     <mac-address-format>with-hyphen-normal</mac-address-format>
    </mac-access-profile>
   </mac-access>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="11">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>CMD is incomplete, para fixed or macaddress must have one.</error-message>
    <error-info>Error on node /huawei-nac-mac:mac-access/mac-access-profile[name="mactest"]/letter</error-info>
  </rpc-error>
</rpc-reply>
Configuring MAC Addresses in the Uppercase Format as User Names for MAC Address Authentication

This section provides a sample of configuring MAC addresses in the uppercase format as user names for MAC address authentication using the merge method. You can also use the create method to configure MAC addresses in the uppercase format as user names for MAC address authentication.

Table 2-413  Configuring MAC addresses in the uppercase format as user names for MAC address authentication

Operation

XPATH

edit-config:merge

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/user-name-format/mac-address/letter

Data Requirement
Table 2-414  Configuring MAC addresses in the uppercase format as user names for MAC address authentication

Item

Data

Description

name

test

Configure MAC addresses in the uppercase format as user names for MAC address authentication.

The MAC access profile must exist on the switch.

mac-address-format

with-hyphen-normal

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
   <mac-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac-mac">
    <mac-access-profile>
     <name>test</name>
     <mac-address-format>with-hyphen-normal</mac-address-format>
     <letter>uppercase</letter>
    </mac-access-profile>
   </mac-access>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8">
 <ok/>
</rpc-reply>

Sample of failed response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="11">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>CMD is incomplete, para fixed or macaddress must have one.</error-message>
    <error-info>Error on node /huawei-nac-mac:mac-access/mac-access-profile[name="mactest"]/letter</error-info>
  </rpc-error>
</rpc-reply>
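The mac-address-format and letter settings decide the exact user-name string the switch presents for each endpoint, so accounts on the authentication server have to be stored in that same rendering. The following added example (not part of the original reference) renders a MAC address in each documented format, lists stored account names that are MAC addresses in a different rendering, and tests a MAC address against a permit-mac segment. All function names are this example's own. Two points are assumptions: each H group in H-H-H is zero-padded on the left to 4 digits, and prefix-length counts leading bits of the 48-bit address.

```python
import re

# Hex digits per hyphen-separated group for each documented mac-address-format.
GROUP_SIZE = {"with-hyphen": 4, "with-hyphen-normal": 2, "without-hyphen": 12}
LETTERS = ("uppercase", "lowercase")


def normalize_mac(mac):
    """Return 12 lowercase hex digits from a MAC written with -, : or . separators."""
    digits = re.sub(r"[-:.]", "", mac.strip())
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits.lower()


def mac_user_name(mac, mac_address_format, letter):
    """Render the user name for a MAC under the given profile settings."""
    if mac_address_format not in GROUP_SIZE:
        raise ValueError(f"unknown mac-address-format: {mac_address_format!r}")
    if letter not in LETTERS:
        raise ValueError(f"unknown letter: {letter!r}")
    digits = normalize_mac(mac)
    size = GROUP_SIZE[mac_address_format]
    name = "-".join(digits[i:i + size] for i in range(0, 12, size))
    return name.upper() if letter == "uppercase" else name


def stale_user_names(stored_names, mac_address_format, letter):
    """Return (stored, expected) pairs for MAC-style accounts in the wrong rendering."""
    stale = []
    for stored in stored_names:
        try:
            expected = mac_user_name(stored, mac_address_format, letter)
        except ValueError:
            continue  # not a MAC-style account, for example a fixed user name
        if stored != expected:
            stale.append((stored, expected))
    return stale


def parse_segment(value):
    """Parse an H-H-H value (H = 1 to 4 hex digits) into a 48-bit integer.

    Assumption: each group is zero-padded on the left to 4 digits.
    """
    parts = value.split("-")
    if len(parts) != 3 or not all(re.fullmatch(r"[0-9a-fA-F]{1,4}", p) for p in parts):
        raise ValueError(f"not in H-H-H format: {value!r}")
    return int("".join(p.zfill(4) for p in parts), 16)


def mac_in_segment(mac, segment, prefix_length):
    """True if mac shares its leading prefix_length bits with the permit-mac segment.

    Assumption: prefix-length counts leading bits, as in an IP prefix.
    """
    if not 1 <= prefix_length <= 48:
        raise ValueError("prefix-length must be in the range 1 to 48")
    shift = 48 - prefix_length
    return (int(normalize_mac(mac), 16) >> shift) == (parse_segment(segment) >> shift)


if __name__ == "__main__":
    mac = "00:05:E0:1C:02:E3"  # the address used in the data model's format examples
    for fmt in GROUP_SIZE:
        for letter in LETTERS:
            print(fmt, letter, mac_user_name(mac, fmt, letter))
    # Constructed account list: one stale rendering, one correct, one fixed name.
    accounts = ["0005e01c02e3", "00-05-E0-1C-02-E3", "huawei"]
    print(stale_user_names(accounts, "with-hyphen-normal", "uppercase"))
    print(mac_in_segment(mac, "0005-e000-0000", 24))
```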
Configuring DHCP Options as User Names for MAC Address Authentication

This section provides a sample of configuring DHCP options as user names for MAC address authentication using the merge method.

Table 2-415  Configuring DHCP options as user names for MAC address authentication

Operation

XPATH

edit-config:merge

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/dhcp-option-format

Data Requirements
Table 2-416  Configuring DHCP options as user names for MAC address authentication

Item

Data

Description

name

test

Configure the MAC access profile named test.

dhcp-option-format

option82-circuit-id

Set the user name for MAC address authentication to a specified DHCP option.

separate

#

Set the delimiter in the user name of MAC address authentication to #.

code-format

format-hex

Set the user name for MAC address authentication to hexadecimal format.

password

huawei@123

Set the password for MAC address authentication to huawei@123.

Request Example
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-mac:mac-access xmlns:hw-nac-mac="urn:huawei:params:xml:ns:yang:huawei-nac-mac">
        <hw-nac-mac:mac-access-profile>
          <hw-nac-mac:name>test</hw-nac-mac:name>
          <hw-nac-mac:dhcp-option-format>option82-circuit-id</hw-nac-mac:dhcp-option-format>
          <hw-nac-mac:separate>#</hw-nac-mac:separate>
          <hw-nac-mac:code-format>format-hex</hw-nac-mac:code-format>
          <hw-nac-mac:password>huawei@123</hw-nac-mac:password>
        </hw-nac-mac:mac-access-profile>
      </hw-nac-mac:mac-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-mac:mac-access/mac-access-profile[name='laoyu']/dhcp-option-format</error-path>
    <error-message>parse rpc config error.(Invalid value "circuit-id" in "dhcp-option-format" element.).</error-message>
  </rpc-error>
</rpc-reply>
Configuring the Device to Send DHCP Option Information to the Authentication Server When Triggering MAC Address Authentication Through DHCP Packets

This section provides a sample of configuring the device to send DHCP option information to the authentication server when triggering MAC address authentication through DHCP packets using the merge method.

Table 2-417  Configuring the device to send DHCP option information to the authentication server when triggering MAC address authentication through DHCP packets

Operation

XPATH

edit-config:merge

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/get-dhcp-option

Data Requirements
Table 2-418  Configuring the device to send DHCP option information to the authentication server when triggering MAC address authentication through DHCP packets

Item

Data

Description

name

test

Configure the MAC access profile named test.

dhcp-option-format

option82-circuit-id

Set the user name for MAC address authentication to a specified DHCP option.

separate

#

Set the delimiter in the user name of MAC address authentication to #.

code-format

format-hex

Set the user name for MAC address authentication to hexadecimal format.

password

huawei@123

Set the password for MAC address authentication to huawei@123.

get-dhcp-option

option-82

Send DHCP option information to the authentication server.

Request Example
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-mac:mac-access xmlns:hw-nac-mac="urn:huawei:params:xml:ns:yang:huawei-nac-mac">
        <hw-nac-mac:mac-access-profile>
          <hw-nac-mac:name>test</hw-nac-mac:name>
          <hw-nac-mac:dhcp-option-format>option82-circuit-id</hw-nac-mac:dhcp-option-format>
          <hw-nac-mac:separate>#</hw-nac-mac:separate>
          <hw-nac-mac:code-format>format-hex</hw-nac-mac:code-format>
          <hw-nac-mac:password>huawei@123</hw-nac-mac:password>
          <hw-nac-mac:get-dhcp-option>option-82</hw-nac-mac:get-dhcp-option>
        </hw-nac-mac:mac-access-profile>
      </hw-nac-mac:mac-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-mac:mac-access/mac-access-profile[name='laoyu']/get-dhcp-option[.='option-16']</error-path>
    <error-message>parse rpc config error.(Invalid value "option-16" in "get-dhcp-option" element.).</error-message>
  </rpc-error>
</rpc-reply>
Configuring the Device to Re-authenticate the Users When Receiving DHCP Lease Renewal Packets From MAC Address Authentication Users

This section provides a sample of configuring the device to re-authenticate the users when receiving DHCP lease renewal packets from MAC address authentication users using the merge method.

Table 2-419  Configuring the device to re-authenticate the users when receiving DHCP lease renewal packets from MAC address authentication users

Operation

XPATH

edit-config:merge

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/mac-re-authenticate/re-authenticate-dhcp-renew

Data Requirements
Table 2-420  Configuring the device to re-authenticate the users when receiving DHCP lease renewal packets from MAC address authentication users

Item

Data

Description

name

test

Configure the MAC access profile named test.

dhcp-option-format

option82-circuit-id

Set the user name for MAC address authentication to a specified DHCP option.

separate

#

Set the delimiter in the user name of MAC address authentication to #.

code-format

format-hex

Set the user name for MAC address authentication to hexadecimal format.

password

huawei@123

Set the password for MAC address authentication to huawei@123.

get-dhcp-option

option-82

Send DHCP option information to the authentication server.

re-authenticate-dhcp-renew

true

Re-authenticate the users when the device receives DHCP lease renewal packets from MAC address authentication users.

Request Example
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-mac:mac-access xmlns:hw-nac-mac="urn:huawei:params:xml:ns:yang:huawei-nac-mac">
        <hw-nac-mac:mac-access-profile>
          <hw-nac-mac:name>test</hw-nac-mac:name>
          <hw-nac-mac:dhcp-option-format>option82-circuit-id</hw-nac-mac:dhcp-option-format>
          <hw-nac-mac:separate>#</hw-nac-mac:separate>
          <hw-nac-mac:code-format>format-hex</hw-nac-mac:code-format>
          <hw-nac-mac:password>huawei@123</hw-nac-mac:password>
          <hw-nac-mac:get-dhcp-option>option-82</hw-nac-mac:get-dhcp-option>
          <hw-nac-mac:mac-re-authenticate>
            <hw-nac-mac:re-authenticate-dhcp-renew>true</hw-nac-mac:re-authenticate-dhcp-renew>
          </hw-nac-mac:mac-re-authenticate>
        </hw-nac-mac:mac-access-profile>
      </hw-nac-mac:mac-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-mac:mac-access/mac-access-profile[name='laoyu']/mac-re-authenticate/re-authenticate-dhcp-renew</error-path>
    <error-message>parse rpc config error.(Invalid value "hahah" in "re-authenticate-dhcp-renew" element.).</error-message>
  </rpc-error>
</rpc-reply>
Configuring the Device to Clear User Entries When Receiving DHCP Release Packets From MAC Address Authentication Users

This section provides a sample of configuring the device to clear user entries when receiving DHCP release packets from MAC address authentication users using the merge method.

Table 2-421  Configuring the device to clear user entries when receiving DHCP release packets from MAC address authentication users

Operation

XPATH

edit-config:merge

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/mac-re-authenticate/off-line-dhcp-release

Data Requirements
Table 2-422  Configuring the device to clear user entries when receiving DHCP release packets from MAC address authentication users

Item

Data

Description

name

test

Configure the MAC access profile named test.

dhcp-option-format

option82-circuit-id

Set the user name for MAC address authentication to a specified DHCP option.

separate

#

Set the delimiter in the user name of MAC address authentication to #.

code-format

format-hex

Set the user name for MAC address authentication in hexadecimal format.

password

huawei@123

Set the password for MAC address authentication to huawei@123.

get-dhcp-option

option-82

Send DHCP option information to the authentication server.

re-authenticate-dhcp-renew

true

Re-authenticate the users when the device receives DHCP lease renewal packets from MAC address authentication users.

off-line-dhcp-release

true

Clear user entries when the device receives DHCP release packets from MAC address authentication users.

Request Example
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-mac:mac-access xmlns:hw-nac-mac="urn:huawei:params:xml:ns:yang:huawei-nac-mac">
        <hw-nac-mac:mac-access-profile>
          <hw-nac-mac:name>test</hw-nac-mac:name>
          <hw-nac-mac:dhcp-option-format>option82-circuit-id</hw-nac-mac:dhcp-option-format>
          <hw-nac-mac:separate>#</hw-nac-mac:separate>
          <hw-nac-mac:code-format>format-hex</hw-nac-mac:code-format>
          <hw-nac-mac:password>huawei@123</hw-nac-mac:password>
          <hw-nac-mac:get-dhcp-option>option-82</hw-nac-mac:get-dhcp-option>
          <hw-nac-mac:mac-re-authenticate>
            <hw-nac-mac:re-authenticate-dhcp-renew>true</hw-nac-mac:re-authenticate-dhcp-renew>
          </hw-nac-mac:mac-re-authenticate>
          <hw-nac-mac:off-line-dhcp-release>true</hw-nac-mac:off-line-dhcp-release>
        </hw-nac-mac:mac-access-profile>
      </hw-nac-mac:mac-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="3">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-mac:mac-access/mac-access-profile[name='laoyu']/off-line-dhcp-release</error-path>
    <error-message>parse rpc config error.(Invalid value "sasa" in "off-line-dhcp-release" element.).</error-message>
  </rpc-error>
</rpc-reply>
Configuring a Source MAC Address Segment Allowed for MAC Address Authentication

This section provides a sample of configuring a source MAC address segment allowed for MAC address authentication using the merge method.

Table 2-423  Configuring a source MAC address segment allowed for MAC address authentication

Operation

XPATH

edit-config:merge

/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/permit-mac/permit-mac-authenticate

Data Requirements
Table 2-424  Configuring a source MAC address segment allowed for MAC address authentication

Item

Data

Description

name

test

Configure the MAC access profile named test.

dhcp-option-format

option82-circuit-id

Set the user name for MAC address authentication to a specified DHCP option.

separate

#

Set the delimiter in the user name of MAC address authentication to #.

code-format

format-hex

Set the user name for MAC address authentication in hexadecimal format.

password

huawei@123

Set the password for MAC address authentication to huawei@123.

get-dhcp-option

option-82

Send DHCP option information to the authentication server.

re-authenticate-dhcp-renew

true

Re-authenticate the users when the device receives DHCP lease renewal packets from MAC address authentication users.

off-line-dhcp-release

true

Clear user entries when the device receives DHCP release packets from MAC address authentication users.

mac

c0bf-c023-fb11

Set the MAC address to c0bf-c023-fb11.

prefix-length

24

Set the mask length of the MAC address to 24.

Request Example
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-mac:mac-access xmlns:hw-nac-mac="urn:huawei:params:xml:ns:yang:huawei-nac-mac">
        <hw-nac-mac:mac-access-profile>
          <hw-nac-mac:name>test</hw-nac-mac:name>
          <hw-nac-mac:dhcp-option-format>option82-circuit-id</hw-nac-mac:dhcp-option-format>
          <hw-nac-mac:separate>#</hw-nac-mac:separate>
          <hw-nac-mac:code-format>format-hex</hw-nac-mac:code-format>
          <hw-nac-mac:password>huawei@123</hw-nac-mac:password>
          <hw-nac-mac:get-dhcp-option>option-82</hw-nac-mac:get-dhcp-option>
          <hw-nac-mac:mac-re-authenticate>
            <hw-nac-mac:re-authenticate-dhcp-renew>true</hw-nac-mac:re-authenticate-dhcp-renew>
          </hw-nac-mac:mac-re-authenticate>
          <hw-nac-mac:off-line-dhcp-release>true</hw-nac-mac:off-line-dhcp-release>
          <hw-nac-mac:permit-mac>
            <hw-nac-mac:permit-mac-authenticate>
              <hw-nac-mac:mac>c0bf-c023-fb11</hw-nac-mac:mac>
              <hw-nac-mac:prefix-length>24</hw-nac-mac:prefix-length>
            </hw-nac-mac:permit-mac-authenticate>
          </hw-nac-mac:permit-mac>
        </hw-nac-mac:mac-access-profile>
      </hw-nac-mac:mac-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="8">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-mac:mac-access/mac-access-profile[name='laoyu']/permit-mac/permit-mac-authenticate[mac='c0bx-cy23-fb11']/mac</error-path>
    <error-message>parse rpc config error.(Value "c0bx-cy23-fb11" does not satisfy the constraint "[0-9a-fA-F]{4}(-[0-9a-fA-F]{4}){2}" (range, length, or pattern).).</error-message>
  </rpc-error>
</rpc-reply>
Configuring the Quiet Function for MAC Address Authentication Users

This section provides a sample of configuring the quiet function for MAC address authentication users using the merge method.

Table 2-425  Configuring the quiet function for MAC address authentication users

Operation

XPATH

edit-config:merge

/huawei-nac-mac:mac-access/quiet-function

Data Requirements
Table 2-426  Configuring the quiet function for MAC address authentication users

Item

Data

Description

quiet-period

2400

Set the quiet period of a MAC address authentication user to 2400 seconds.

quiet-times

7

Set the maximum number of authentication failures within 60 seconds before the device quiets the MAC address authentication user to 7.

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">   
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
   <mac-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac-mac" xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:operation="merge">
    <quiet-function>
     <quiet-period>2400</quiet-period>
     <quiet-times>7</quiet-times>
    </quiet-function>
   </mac-access>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="9">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-mac:mac-access/mac-access-profile[name='laoyu']/permit-mac/permit-mac-authenticate[mac='c0bf-c023-fb11']/prefix-length</error-path>
    <error-message>parse rpc config error.(Value "99" does not satisfy the constraint "0..32" (range, length, or pattern).).</error-message>
  </rpc-error>
</rpc-reply>

Configuring a Portal Server Template

This section describes the configuration model of the Portal server template and provides examples of XML packets.

Data Model

The configuration model file matching the Portal server template is huawei-aaa-portal.yang.

Table 2-427  Data model

Object

Description

Value

Remarks

/huawei-aaa-portal/portal

Indicates that the request operation (creation or modification) object is a Portal server template. This object is the root object. It is only used to contain sub-objects, but does not have any data meaning.

N/A

N/A

/huawei-aaa-portal/portal/portal-server/name

Indicates the name of the created Portal server template.

The value is a string of 1 to 31 case-sensitive characters. It cannot be - or -- and cannot contain spaces or the following symbols: / \ : * ? " < > | @ ' %.

N/A

/huawei-aaa-portal/portal/portal-server/portal-server-ip

Indicates that the IP address for the Portal server is configured.

The value is in dotted decimal notation.

N/A

/huawei-aaa-portal/portal/portal-server/destination-port

Indicates that the destination port number for the switch to send packets to the Portal server is configured.

The value is an integer that ranges from 1 to 65535.

N/A

/huawei-aaa-portal/portal/portal-server/shared-key

Indicates that the shared key for the switch to exchange information with the Portal server is configured.

The value is a string of case-sensitive characters without spaces. It can be a string of 48 characters in cipher text, or a string of 1 to 16 characters in plain text. If the string is enclosed in double quotation marks (" "), the string can contain spaces.

N/A

/huawei-aaa-portal:portal/portal-server/vpn-instance

Indicates that the VPN instance for the switch to communicate with the Portal server is configured.

The value must be an existing VPN instance.

N/A

/huawei-aaa-portal/portal/portal-server/server-url

Indicates that the URL for the Portal server is configured.

The value is a string of 1 to 200 case-sensitive characters without spaces and question marks (?). If the string is enclosed in double quotation marks (" "), the string can contain spaces.

N/A

/huawei-aaa-portal/portal/portal-server/url-template/name

Indicates the name of the URL template bound to the Portal server template.

The value must be the name of an existing URL template.

N/A

/huawei-aaa-portal/portal/portal-server/protocol

Indicates that the protocol used in Portal authentication is configured.

Enumerated type:

  • http
  • haca
  • portal
  • http-uam
N/A

/huawei-aaa-portal/portal/portal-server/web-redirection-disable

Indicates that the Portal authentication redirection function is disabled. By default, the Portal authentication redirection function is enabled.

Boolean type:

  • true: enabled
  • false: disabled
N/A

/huawei-aaa-portal/portal/portal-server/server-detect-function/server-detect-enable

Indicates that the Portal server detection function is enabled.

Boolean type:

  • true: enabled
  • false: disabled
N/A

/huawei-aaa-portal/portal/portal-server/user-sync-function

Indicates that the user information synchronization function is enabled for Portal authentication.

Boolean type:

  • true: enabled
  • false: disabled
N/A

/huawei-aaa-portal/portal/portal-server/source-ip-address/ip/ip-address

Indicates that the source IP address for the switch to communicate with the Portal server is configured.

The value is in dotted decimal notation.

N/A

/huawei-aaa-portal/portal/listening-port

Indicates that the number of the port through which the switch listens to Portal packets is configured.

The value is an integer that ranges from 1024 to 55535.

N/A

/huawei-aaa-portal/portal/url-template/name

Indicates the name of a created URL template.

The value is a string of 1 to 31 case-sensitive characters. It cannot be - or -- and cannot contain spaces or the following symbols: / \ : * ? " < > | @ ' %.

N/A

/huawei-aaa-portal/portal/url-template/url/url

Indicates that the redirection URL or pushed URL for the Portal server is configured.

The value is a string of 1 to 200 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces.

N/A

/huawei-aaa-portal/portal/url-template/url-parameter

Indicates that parameters carried in the URL are configured.

The value is a string of 1 to 16 case-sensitive characters without spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces.

N/A

/huawei-aaa-portal/portal/url-template/url-parameter/mac-address-format

Indicates that the MAC address format in the URL is configured.

  • normal: The MAC address format is set to XX-XX-XX-XX-XX-XX.
  • compact: The MAC address format is set to XXXX-XXXX-XXXX.
  • delimiter: The value is one case-sensitive character without spaces.
N/A

/huawei-aaa-portal:portal/url-template/mark-parameter/start-mark

Configuring the start character in the URL.

The value is one case-sensitive character without spaces.

N/A

/huawei-aaa-portal:portal/url-template/mark-parameter/assignment-mark

Configuring the assignment character in the URL.

The value is one case-sensitive character without spaces.

N/A

/huawei-aaa-portal:portal/url-template/mark-parameter/isolate-mark

Configuring the delimiter in the URL.

The value is one case-sensitive character without spaces.

N/A

/huawei-aaa-portal:portal/url-template/url-ssid

Indicates the SSID that users associate with in the redirection URL or pushed URL of the Portal server.

The value must be an existing SSID.

N/A

/huawei-aaa-portal:portal/reply-message-enable

Indicates whether to enable the device to transparently transmit user authentication responses sent by the authentication server to the Portal server.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.
N/A

/huawei-aaa-portal:portal/logout-resend-function/interval

Indicates the re-transmission interval of Portal authentication user logout packets.

The value is an integer in the range from 1 to 300, in seconds.

N/A

/huawei-aaa-portal:portal/logout-resend-function/times

Indicates the number of re-transmission times for Portal authentication user logout packets.

The value is an integer in the range from 0 to 15.

The value 0 indicates that the re-transmission function is disabled.

N/A

/huawei-aaa-portal:portal/version

Indicates the Portal protocol version supported by the device.

The value is of the enumerated type:

  • v2
  • v1v2
N/A

/huawei-aaa-portal:portal/logout-different-server-enable

Indicates whether to enable a device to process user logout requests sent by a Portal server other than the one from which users log in.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.
N/A

/huawei-aaa-portal:portal/global-source-ip/ip/ip-address

Indicates the source IP address used by the device to communicate with the Portal server in the system view.

The value is in dotted decimal notation.

N/A

/huawei-aaa-portal:portal/url-template/url-parameter/login-url/key

/huawei-aaa-portal:portal/url-template/url-parameter/login-url/value

Indicates the login URL of the access device.

  • key: indicates the identification keyword for the login URL sent to the Portal server during redirection.
  • value: indicates a specified URL of the access device.

  • key: The value is a string of 1 to 16 case-sensitive characters without spaces, question marks (?), ampersands (&), and equal signs (=).
  • value: The value is a string of 1 to 200 case-sensitive characters without spaces.
N/A

/huawei-aaa-portal:portal/url-template/url-parameter/set-parameter-value/set-ac-ip/source-type/ip/ip-address

/huawei-aaa-portal:portal/url-template/url-parameter/set-parameter-value/set-ap-ip/source-type/ip/ip-address

  • Configures the specified IP address as the redirection parameter ac-ip.
  • Configures the specified IP address as the redirection parameter ap-ip.

The value is in dotted decimal notation.

N/A

/huawei-aaa-portal:portal/portal-server/url-template/ciphered-parameter-name

Indicates the name of the encrypted URL template parameter.

The value is a string of 1 to 16 characters.

N/A

/huawei-aaa-portal:portal/portal-server/url-template/iv-parameter-name

Indicates the encryption vector name of the URL template parameter.

The value is a string of 1 to 16 characters.

N/A

/huawei-aaa-portal:portal/portal-server/url-template/key

Indicates the encryption key for encrypting the URL template parameter.

The value is either a plain-text string of 1-16 characters or a cipher-text string of 48 characters.

N/A

/huawei-aaa-portal:portal/portal-server/source-ip-address/interface/loopback-interface

Configures the IP address of a specified interface as the source IP address used by the device to communicate with the Portal server.

The value must be an existing interface number.

N/A

/huawei-aaa-portal:portal/portal-server/http-method-parameters/get-method-enable

Indicates whether to enable users to submit the user name and password to the device in GET mode during Portal authentication.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.
N/A

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/cmd-key/cmd-key

Indicates the command identification keyword.

The value is a string of 1 to 16 case-sensitive characters without spaces, question marks (?), ampersands (&), and equal signs (=).

N/A

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/cmd-key/login-key

Indicates the user login identification keyword.

The value is a string of 1 to 15 case-sensitive characters without spaces, question marks (?), ampersands (&), and equal signs (=).

N/A

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/cmd-key/logout-key

Indicates the user logout identification keyword.

The value is a string of 1 to 15 case-sensitive characters without spaces, question marks (?), ampersands (&), and equal signs (=).

N/A

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/password-key/password-key

Indicates the password identification keyword.

The value is a string of 1 to 16 case-sensitive characters without spaces, question marks (?), ampersands (&), and equal signs (=).

N/A

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/initial-url-key/init-url-key

Indicates the identification keyword for the user initial login URL.

The value is a string of 1 to 16 case-sensitive characters without spaces, question marks (?), ampersands (&), and equal signs (=).

N/A

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/user-ip-key/user-ip-key

Indicates the identification keyword for the user IP address.

The value is a string of 1 to 16 case-sensitive characters without spaces, question marks (?), ampersands (&), and equal signs (=).

N/A

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/user-mac-key/user-mac-key

Indicates the identification keyword for the user MAC address.

The value is a string of 1 to 16 case-sensitive characters without spaces, question marks (?), ampersands (&), and equal signs (=).

N/A

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/user-name-key/user-name-key

Indicates the user name identification keyword.

The value is a string of 1 to 16 case-sensitive characters without spaces, question marks (?), ampersands (&), and equal signs (=).

N/A

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/response-parameters/login-fail

Indicates the response message upon a user login failure.

N/A

N/A

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/response-parameters/login-success

Indicates the response message upon a user login success.

N/A

N/A

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/response-parameters/logout-fail

Indicates the response message upon a user logout failure.

N/A

N/A

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/response-parameters/logout-success

Indicates the response message upon a user logout success.

N/A

N/A
Creating a Portal Server Template

This section provides a sample of creating a Portal server template using the merge method. You can also use the create method to create a Portal server template.

Table 2-428  Creating a Portal server template

Operation

XPATH

edit-config:merge

/huawei-aaa-portal/portal/portal-server/name

Data Requirement
Table 2-429  Portal server template

Item

Data

Description

name

huawei

Create the Portal server template huawei.

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
    <portal-server xc:operation="merge">  
     <name>huawei</name>
    </portal-server> 
   </portal>
  </config>
 </edit-config>
</rpc> 
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
 <ok/>
</rpc-reply>  

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="14">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Invalid server name</error-message>
    <error-info>Error on node /huawei-aaa-portal:portal/portal-server[name="portalserverportalserverportalserver"]/name</error-info>
  </rpc-error>
</rpc-reply>
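A pre-flight check for the leaf values used in the requests on this page, added here as an example and not part of Huawei's reference. It applies the limits stated in the data model table and the constraint strings quoted in the failed-response samples, so a bad value is caught before the RPC is sent. The names `validate` and `RULES` are hypothetical, the MAC access profile name is assumed to follow the same rule as the template names, and the quoted-string form that allows spaces is not modelled.

```python
import re

# Limits below are transcribed from this page: the Portal data model table and
# the constraint strings quoted in the failed-response samples.
FORBIDDEN_NAME_CHARS = set('/\\:*?"<>|@\'% ')
MAC_PATTERN = re.compile(r"[0-9a-fA-F]{4}(-[0-9a-fA-F]{4}){2}")


def check_name(value):
    """Template name: 1 to 31 characters, not - or --, no forbidden symbols."""
    if not 1 <= len(value) <= 31:
        return "length must be 1 to 31"
    if value in ("-", "--"):
        return "cannot be - or --"
    bad = sorted(FORBIDDEN_NAME_CHARS & set(value))
    if bad:
        return "forbidden characters: " + " ".join(repr(c) for c in bad)
    return None


def check_mac(value):
    """MAC address in the XXXX-XXXX-XXXX form the device's pattern requires."""
    if not MAC_PATTERN.fullmatch(value):
        return "must match " + MAC_PATTERN.pattern
    return None


def check_int_range(low, high):
    """Build a checker for a decimal integer leaf with an inclusive range."""
    def check(value):
        if not re.fullmatch(r"[0-9]+", str(value)):
            return "must be an integer"
        if not low <= int(value) <= high:
            return f"must be in {low}..{high}"
        return None
    return check


def check_boolean(value):
    return None if value in ("true", "false") else 'must be "true" or "false"'


def check_shared_key(value):
    """1 to 16 characters in plain text or 48 in cipher text, no spaces."""
    if " " in value:
        return "cannot contain spaces"
    if not (1 <= len(value) <= 16 or len(value) == 48):
        return "must be 1 to 16 characters (plain) or 48 characters (cipher)"
    return None


# Leaf name -> checker. Leaves without an entry are passed through unchecked.
RULES = {
    "name": check_name,
    "mac": check_mac,
    "prefix-length": check_int_range(0, 32),
    "re-authenticate-dhcp-renew": check_boolean,
    "off-line-dhcp-release": check_boolean,
    "port": check_int_range(1, 65535),
    "listening-port": check_int_range(1024, 55535),
    "shared-key": check_shared_key,
}


def validate(leaves):
    """Return {leaf: problem} for every (leaf, value) pair that breaks a rule."""
    problems = {}
    for leaf, value in leaves.items():
        rule = RULES.get(leaf)
        problem = rule(value) if rule else None
        if problem:
            problems[leaf] = problem
    return problems


if __name__ == "__main__":
    # Values that this page's failed-response samples report as rejected.
    rejected = {
        "name": "portalserverportalserverportalserver",
        "mac": "c0bx-cy23-fb11",
        "prefix-length": "99",
        "off-line-dhcp-release": "sasa",
    }
    for leaf, problem in validate(rejected).items():
        print(f"{leaf}: {problem}")
```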
Configuring an IP Address for the Portal Server

This section provides a sample of configuring an IP address for the Portal server using the merge method. You can also use the create method to configure an IP address for the Portal server.

Table 2-430  Configuring an IP address for the Portal server

Operation

XPATH

edit-config:merge

/huawei-aaa-portal/portal/portal-server/portal-server-ip

Data Requirement
Table 2-431  Configuring an IP address for the Portal server

Item

Data

Description

portal-server-ip

10.10.10.10

Configure the IP address 10.10.10.10 for the Portal server.

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
    <portal-server>
     <name>huawei</name>
     <portal-server-ip>10.10.10.10</portal-server-ip>
    </portal-server>
   </portal>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply>  

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="15">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Undo/config server-ip failed.</error-message>
    <error-info>Error on node /huawei-aaa-portal:portal/portal-server[name="huawei"]/portal-server-ip[.="255.255.255.255"]</error-info>
  </rpc-error>
</rpc-reply>
Configuring the Source IP Address for the Switch to Communicate with the Portal Server

This section provides a sample of configuring the source IP address for the switch to communicate with the Portal server using the merge method. You can also use the create method to configure the source IP address for the switch to communicate with the Portal server.

Table 2-432  Configuring the source IP address for the switch to communicate with the Portal server

Operation

XPATH

edit-config:merge

/huawei-aaa-portal/portal/portal-server/source-ip-address/ip/ip-address

Data Requirement
Table 2-433  Configuring the source IP address for the switch to communicate with the Portal server

Item

Data

Description

ip-address

192.168.255.255

Configure the source IP address 192.168.255.255 for the switch to communicate with the Portal server.

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
    <portal-server xc:operation="merge">  
     <name>huawei</name>
     <ip-address xc:operation="merge">192.168.255.255</ip-address>
    </portal-server> 
   </portal>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply>  

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="16">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Source-ip cmd executing failed.</error-message>
    <error-info>Error on node /huawei-aaa-portal:portal/portal-server[name="huawei"]/ip-address</error-info>
  </rpc-error>
</rpc-reply>
Configuring the Destination Port Number for the Switch to Send Packets to the Portal Server

This section provides a sample of configuring the destination port number for the switch to send packets to the Portal server using the merge method. You can also use the create method to configure the destination port number for the switch to send packets to the Portal server.

Table 2-434  Configuring the destination port number for the switch to send packets to the Portal server

Operation

XPATH

edit-config:merge

/huawei-aaa-portal/portal/portal-server/destination-port/port

Data Requirement
Table 2-435  Configuring the destination port number for the switch to send packets to the Portal server

Item

Data

Description

port

555

Set the destination port number for the switch to send packets to the Portal server to 555.

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
    <portal-server> 
     <name>huawei</name>
     <destination-port>
      <port>555</port>
      <always>true</always>
     </destination-port>
    </portal-server>  
   </portal>
  </config>
 </edit-config>
</rpc> 
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply>  

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="17">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>parse rpc config error.</error-message>
  </rpc-error>
</rpc-reply>
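The failed responses on this page come in three shapes: standard fields with an `error-path`, an `error-app-tag` with the node named inside the `error-info` text, and standard fields with no location at all. The parser below, added here as an example and not Huawei's code, normalizes all three so automation can record which leaf the device rejected. `parse_reply` and `leaf_of` are hypothetical names; the sample replies are copied from this page.

```python
import re
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
NODE_IN_INFO = re.compile(r"Error on node\s+(\S.*)$")

# Replies copied from the failed-response samples on this page.
PATH_SHAPE = """<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="8">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac-mac:mac-access/mac-access-profile[name='laoyu']/permit-mac/permit-mac-authenticate[mac='c0bx-cy23-fb11']/mac</error-path>
    <error-message>parse rpc config error.(Value "c0bx-cy23-fb11" does not satisfy the constraint "[0-9a-fA-F]{4}(-[0-9a-fA-F]{4}){2}" (range, length, or pattern).).</error-message>
  </rpc-error>
</rpc-reply>"""

INFO_SHAPE = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="15">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Undo/config server-ip failed.</error-message>
    <error-info>Error on node /huawei-aaa-portal:portal/portal-server[name="huawei"]/portal-server-ip[.="255.255.255.255"]</error-info>
  </rpc-error>
</rpc-reply>"""

BARE_SHAPE = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="17">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>parse rpc config error.</error-message>
  </rpc-error>
</rpc-reply>"""

OK_REPLY = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>"""


def leaf_of(path):
    """Last path segment with list predicates and module prefix removed."""
    if not path:
        return None
    stripped = re.sub(r"\[[^\]]*\]", "", path)
    return stripped.rstrip("/").rsplit("/", 1)[-1].split(":")[-1]


def parse_reply(xml_text):
    """Return {'message_id', 'ok', 'errors'} for one <rpc-reply> document."""
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    if root.tag != f"{{{NC}}}rpc-reply":
        raise ValueError("not a NETCONF rpc-reply")
    errors = []
    for err in root.iter(f"{{{NC}}}rpc-error"):
        fields = {c.tag.split("}", 1)[-1]: (c.text or "").strip() for c in err}
        node = fields.get("error-path")
        if not node:
            # Second shape: the node is only named inside the error-info text.
            match = NODE_IN_INFO.search(fields.get("error-info", ""))
            node = match.group(1).strip() if match else None
        errors.append({
            "node": node,
            "leaf": leaf_of(node),
            "tag": fields.get("error-tag") or fields.get("error-app-tag"),
            "message": fields.get("error-message", ""),
        })
    # Treat the reply as successful only if <ok/> is present and no error is.
    ok = root.find(f"{{{NC}}}ok") is not None and not errors
    return {"message_id": root.get("message-id"), "ok": ok, "errors": errors}


if __name__ == "__main__":
    for sample in (PATH_SHAPE, INFO_SHAPE, BARE_SHAPE, OK_REPLY):
        print(parse_reply(sample))
```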
Configuring the Shared Key for the Switch to Exchange Information with the Portal Server

This section provides a sample of configuring the shared key for the switch to exchange information with the Portal server using the merge method. You can also use the create method to configure the shared key for the switch to exchange information with the Portal server.

Table 2-436  Configuring the shared key for the switch to exchange information with the Portal server

Operation

XPATH

edit-config:merge

/huawei-aaa-portal/portal/portal-server/shared-key

Data Requirement
Table 2-437  Configuring the shared key for the switch to exchange information with the Portal server

Item

Data

Description

shared-key

zLUYANG12#$%()aa

Set the shared key for the switch to exchange information with the Portal server to zLUYANG12#$%()aa.

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
    <portal-server> 
     <name>huawei</name>
     <shared-key>zLUYANG12#$%()aa</shared-key>
    </portal-server>  
   </portal>
  </config>
 </edit-config>
</rpc> 
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply>  

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="18">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Invalid shared-key</error-message>
    <error-info>Error on node /huawei-aaa-portal:portal/portal-server[name="huawei"]/shared-key</error-info>
  </rpc-error>
</rpc-reply>
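
The shared-key request and the two replies above, driven from a script. This is an added example, not part of the Huawei reference; it uses only the Python standard library, and the helper names and the SECRET_LEAVES set are assumptions. It builds the edit-config as an element tree so that special characters in the key are escaped, masks the key in a copy meant for logs, and turns an rpc-reply into an ok flag plus a list of errors.

```python
import copy
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
PORTAL = "urn:huawei:params:xml:ns:yang:huawei-aaa-portal"
SECRET_LEAVES = {"shared-key"}  # assumption: leaves to mask before logging

# Readable prefixes on output; any prefix bound to the same URI is equivalent.
ET.register_namespace("nc", NC)
ET.register_namespace("hw-aaa-portal", PORTAL)

# Replies copied from the samples in this section.
OK_REPLY = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply>"""

FAILED_REPLY = """<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="18">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Invalid shared-key</error-message>
    <error-info>Error on node /huawei-aaa-portal:portal/portal-server[name="huawei"]/shared-key</error-info>
  </rpc-error>
</rpc-reply>"""


def _local(tag):
    """Strip the '{namespace}' part ElementTree puts in front of a tag."""
    return tag.rsplit("}", 1)[-1]


def build_shared_key_request(server_name, shared_key, message_id="123"):
    """Build the edit-config from the request example as an element tree.

    A tree, unlike string concatenation, escapes '<', '&' and '>' in the key
    on serialization, so the key cannot change the structure of the RPC.
    """
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": message_id})
    edit = ET.SubElement(rpc, f"{{{NC}}}edit-config")
    target = ET.SubElement(edit, f"{{{NC}}}target")
    ET.SubElement(target, f"{{{NC}}}running")
    ET.SubElement(edit, f"{{{NC}}}error-option").text = "rollback-on-error"
    config = ET.SubElement(edit, f"{{{NC}}}config")
    portal = ET.SubElement(config, f"{{{PORTAL}}}portal")
    server = ET.SubElement(portal, f"{{{PORTAL}}}portal-server")
    ET.SubElement(server, f"{{{PORTAL}}}name").text = server_name
    ET.SubElement(server, f"{{{PORTAL}}}shared-key").text = shared_key
    return rpc


def serialize(rpc):
    """XML text to send over the NETCONF session."""
    return ET.tostring(rpc, encoding="unicode")


def redacted(rpc):
    """XML text for logs: same request, secret leaves masked in a copy."""
    clone = copy.deepcopy(rpc)
    for element in clone.iter():
        if _local(element.tag) in SECRET_LEAVES:
            element.text = "********"
    return ET.tostring(clone, encoding="unicode")


def parse_reply(xml_text):
    """Return (ok, errors); errors holds one dict per <rpc-error>.

    The failed sample carries only error-app-tag, error-message and
    error-info, so no particular child element is assumed to be present.
    """
    if "<!DOCTYPE" in xml_text:
        # RFC 6241: document type declarations must not appear in NETCONF.
        raise ValueError("DOCTYPE is not allowed in NETCONF content")
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    if root.tag != f"{{{NC}}}rpc-reply":
        raise ValueError("not an rpc-reply")
    errors = [
        {_local(child.tag): (child.text or "").strip() for child in error}
        for error in root.iter(f"{{{NC}}}rpc-error")
    ]
    ok = root.find(f"{{{NC}}}ok") is not None and not errors
    return ok, errors


if __name__ == "__main__":
    request = build_shared_key_request("huawei", "zLUYANG12#$%()aa")
    print(redacted(request))
    print(parse_reply(OK_REPLY))
    print(parse_reply(FAILED_REPLY))
```
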
Configuring a VPN Instance for the Switch to Communicate with the Portal Server

This section provides a sample of configuring a VPN instance for the switch to communicate with the Portal server using the merge method. You can also use the create method to configure a VPN instance for the switch to communicate with the Portal server.

Table 2-438  Configuring a VPN instance for the switch to communicate with the Portal server

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-aaa-portal:portal/portal-server/vpn-instance |

Data Requirement
Table 2-439  Configuring a VPN instance for the switch to communicate with the Portal server

| Item | Data | Description |
| --- | --- | --- |
| vpn-instance | vpna | Configure the VPN instance vpna for the switch to communicate with the Portal server. The VPN instance must exist on the switch. |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
 <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
   <hw-l3vpn:vpn-instances xmlns:hw-l3vpn="urn:huawei:params:xml:ns:yang:huawei-l3vpn">
    <hw-l3vpn:vpn-instance>
     <hw-l3vpn:vpn-instance-name>vpna</hw-l3vpn:vpn-instance-name>
     <hw-l3vpn:ipv4-family>
      <hw-l3vpn:route-distinguisher>100:1</hw-l3vpn:route-distinguisher>
     </hw-l3vpn:ipv4-family>
    </hw-l3vpn:vpn-instance>
   </hw-l3vpn:vpn-instances>
   <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
    <portal-server>
     <name>webauth1</name>
     <vpn-instance>vpna</vpn-instance>
    </portal-server>
   </portal>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply>  

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="19">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message> The vpn-instance does not exist or is invalid.</error-message>
    <error-info>Error on node /huawei-aaa-portal:portal/portal-server[name="webauth1"]/vpn-instance</error-info>
  </rpc-error>
</rpc-reply>
Disabling the Portal Authentication Redirection Function

This section provides a sample of disabling the Portal authentication redirection function using the merge method.

Table 2-440  Disabling the Portal authentication redirection function

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-aaa-portal/portal/portal-server/web-redirection-disable |

Data Requirement
Table 2-441  Disabling the Portal authentication redirection function

| Item | Data | Description |
| --- | --- | --- |
| https-redirect-enable | false | Disable the Portal authentication redirection function. |

Request Example
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <target>
    <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
    <portal-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac-portal">
      <https-redirect-enable xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:operation="merge">false</https-redirect-enable>
    </portal-access>
  </config>
</edit-config>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply>  

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="20">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>parse rpc config error.</error-message>
  </rpc-error>
</rpc-reply>
Configuring a URL for the Portal Server

This section provides a sample of configuring a URL for the Portal server using the merge method. You can also use the create method to configure a URL for the Portal server.

Table 2-442  Configuring a URL for the Portal server

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-aaa-portal/portal/portal-server/server-url |

Data Requirement
Table 2-443  Configuring a URL for the Portal server

| Item | Data | Description |
| --- | --- | --- |
| server-url | http://www.abc.com | Configure the URL http://www.abc.com for the Portal server. |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
    <portal-server> 
     <name>huawei</name>
     <server-url>http://www.abc.com</server-url>
    </portal-server>  
   </portal>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply> 

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="22">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Invalid url</error-message>
    <error-info>Error on node /huawei-aaa-portal:portal/portal-server[name="huawei"]/server-url</error-info>
  </rpc-error>
</rpc-reply>
Creating a URL Template

This section provides a sample of creating a URL template using the merge method. You can also use the create method to create a URL template.

Table 2-444  Creating a URL template

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-aaa-portal/portal/url-template |

Data Requirement
Table 2-445  Creating a URL template

| Item | Data | Description |
| --- | --- | --- |
| name | test | Create the URL template test. |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273"> 
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
    <listening-port>3210</listening-port>
    <url-template>
     <name>test</name>
    </url-template>
   </portal>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply> 

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="23">
  <rpc-error>
    <error-app-tag>1</error-app-tag>
    <error-message>Service process failed.</error-message>
    <error-info>Error on node /huawei-aaa-portal:portal/url-template[name="abcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc"]/name</error-info>
  </rpc-error>
</rpc-reply>
Configuring the Redirection URL or Pushed URL for the Portal Server

This section provides a sample of configuring the redirection URL or pushed URL for the Portal server using the merge method. You can also use the create method to configure the redirection URL or pushed URL for the Portal server.

Table 2-446  Configuring the redirection URL or pushed URL for the Portal server

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-aaa-portal/portal/url-template/url/url |

Data Requirement
Table 2-447  Configuring the redirection URL or pushed URL for the Portal server

| Item | Data | Description |
| --- | --- | --- |
| url | 12345 | Configure the redirection URL or pushed URL for the Portal server. |
| url-type | push-only | |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273"> 
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
    <listening-port>3210</listening-port>
    <url-template>
     <name>test</name>
     <url>
      <url>12345</url>
      <url-type>push-only</url-type>
     </url>
    </url-template>
   </portal>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply> 

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="24">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Invalid url</error-message>
    <error-info>Error on node /huawei-aaa-portal:portal/url-template[name="huawei"]/url[url-type="push-only"]/url</error-info>
  </rpc-error>
</rpc-reply>
Configuring the MAC Address Format in the URL

This section provides a sample of configuring the MAC address format in the URL using the merge method. You can also use the create method to configure the MAC address format in the URL.

Table 2-448  Configuring the MAC address format in the URL

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-aaa-portal/portal/url-template/url-parameter/mac-address-format |

Data Requirement
Table 2-449  Configuring the MAC address format in the URL

| Item | Data | Description |
| --- | --- | --- |
| delimiter | 7 | Configure the MAC address format in the URL. |
| format | compact | |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273"> 
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
    <listening-port>3210</listening-port>
    <url-template>
     <name>test</name>
     <url>
      <url>12345</url>
      <url-type>push-only</url-type>
     </url>
     <url-parameter>
      <redirect-url>Rede</redirect-url>
      <sysname>Sses</sysname>
      <user-ipaddress>User</user-ipaddress>
      <user-mac>User</user-mac>
      <mac-address-format>
       <delimiter>7</delimiter>
       <format>compact</format>
      </mac-address-format>
     </url-parameter>
    </url-template>
   </portal>
  </config>
 </edit-config>
</rpc> 
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply> 

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="29">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Incomplete information.</error-message>
    <error-info>Error on node /huawei-aaa-portal:portal/url-template[name="huawei"]/url-parameter</error-info>
  </rpc-error>
</rpc-reply>
Configuring the Start Character in the URL

This section provides a sample of configuring the start character in the URL using the merge method. You can also use the create method to configure the start character in the URL.

Table 2-450  Configuring the start character in the URL

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-aaa-portal:portal/url-template/mark-parameter/start-mark |

Data Requirement
Table 2-451  Configuring the start character in the URL

| Item | Data | Description |
| --- | --- | --- |
| name | url1 | Set the start character in the URL to a. |
| start-mark | a | |

Request Example
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <target>
    <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
    <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
      <url-template>
        <name>url1</name>
        <mark-parameter>
          <start-mark>a</start-mark>
        </mark-parameter>
      </url-template>
    </portal>
  </config>
</edit-config>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply> 

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="32">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Invalid mark-parameter start-mark</error-message>
    <error-info>Error on node /huawei-aaa-portal:portal/url-template[name="url1"]/mark-parameter/start-mark</error-info>
  </rpc-error>
</rpc-reply>
Configuring the Assignment Character in the URL

This section provides a sample of configuring the assignment character in the URL using the merge method. You can also use the create method to configure the assignment character in the URL.

Table 2-452  Configuring the assignment character in the URL

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-aaa-portal:portal/url-template/mark-parameter/assignment-mark |

Data Requirement
Table 2-453  Configuring the assignment character in the URL

| Item | Data | Description |
| --- | --- | --- |
| name | url1 | Set the assignment character in the URL to an equal sign (=). |
| assignment-mark | = | |

Request Example
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <target>
    <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
    <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
      <url-template>
        <name>url1</name>
        <mark-parameter>
          <assignment-mark>=</assignment-mark>
        </mark-parameter>
      </url-template>
    </portal>
  </config>
</edit-config>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply> 

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="33">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Invalid mark-parameter assignment-mark</error-message>
    <error-info>Error on node /huawei-aaa-portal:portal/url-template[name="url1"]/mark-parameter/assignment-mark</error-info>
  </rpc-error>
</rpc-reply>
Configuring the Delimiter in the URL

This section provides a sample of configuring the delimiter in the URL using the merge method. You can also use the create method to configure the delimiter in the URL.

Table 2-454  Configuring the delimiter in the URL

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-aaa-portal:portal/url-template/mark-parameter/isolate-mark |

Data Requirement
Table 2-455  Configuring the delimiter in the URL

| Item | Data | Description |
| --- | --- | --- |
| name | url1 | Set the delimiter in the URL to l. |
| isolate-mark | l | |

Request Example
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <target>
    <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
    <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
      <url-template>
        <name>url1</name>
        <mark-parameter>
          <isolate-mark>1</isolate-mark>
        </mark-parameter>
      </url-template>
    </portal>
  </config>
</edit-config>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply> 

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="34">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Invalid mark-parameter isolate-mark</error-message>
    <error-info>Error on node /huawei-aaa-portal:portal/url-template[name="url1"]/mark-parameter/isolate-mark</error-info>
  </rpc-error>
</rpc-reply>
Binding the URL Template to the Portal Server Template

This section provides a sample of binding the URL template to the Portal server template using the merge method. You can also use the create method to bind the URL template to the Portal server template.

Table 2-456  Binding the URL template to the Portal server template

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-aaa-portal/portal/portal-server/url-template/name |

Data Requirement
Table 2-457  Binding the URL template to the Portal server template

| Item | Data | Description |
| --- | --- | --- |
| name | abc | Bind the URL template abc to the Portal server template huawei. The URL template abc and the Portal server template huawei must have been created. |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
    <url-template>
     <name>abc</name>
    </url-template>
    <portal-server> 
     <name>huawei</name>
     <url-template xc:operation="merge">
      <name>abc</name>
     </url-template>
    </portal-server>  
   </portal>
  </config>
 </edit-config>
</rpc> 
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply> 

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="35">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Undo/config url template failed.</error-message>
    <error-info>Error on node /huawei-aaa-portal:portal/portal-server[name="huawei"]/url-template/name</error-info>
  </rpc-error>
</rpc-reply>
Configuring the Protocol Used in Portal Authentication

This section provides a sample of configuring the protocol used in Portal authentication using the merge method. You can also use the create method to configure the protocol used in Portal authentication.

Table 2-458  Configuring the protocol used in Portal authentication

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-aaa-portal/portal/portal-server/protocol |

Data Requirement
Table 2-459  Configuring the protocol used in Portal authentication

| Item | Data | Description |
| --- | --- | --- |
| protocol | portal | Set the protocol used in Portal authentication to the Portal protocol. The Portal server template huawei must have been created. |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
    <portal-server> 
     <name>huawei</name>
     <protocol>portal</protocol>
    </portal-server>  
   </portal>
  </config>
 </edit-config>
</rpc>   
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply> 

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="19">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message> The vpn-instance does not exist or is invalid.</error-message>
    <error-info>Error on node /huawei-aaa-portal:portal/portal-server[name="huawei"]/vpn-instance</error-info>
  </rpc-error>
</rpc-reply>
Configuring the Number of the Port Through Which the Switch Listens to Portal Packets

This section provides a sample of configuring the number of the port through which the switch listens to Portal packets using the merge method. You can also use the create method to configure the number of the port through which the switch listens to Portal packets.

Table 2-460  Configuring the number of the port through which the switch listens to Portal packets

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-aaa-portal/portal/listening-port |

Data Requirement
Table 2-461  Configuring the number of the port through which the switch listens to Portal packets

| Item | Data | Description |
| --- | --- | --- |
| listening-port | 3210 | Set the number of the port through which the switch listens to Portal packets to 3210. |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273"> 
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
    <listening-port>3210</listening-port>
   </portal>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="37">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>parse rpc config error.</error-message>
  </rpc-error>
</rpc-reply>
Enabling the Portal Server Detection Function

This section provides a sample of enabling the Portal server detection function using the merge method. You can also use the create method to enable the Portal server detection function.

Table 2-462  Enabling the Portal server detection function

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-aaa-portal/portal/portal-server/server-detect-function/server-detect-enable |

Data Requirement
Table 2-463  Enabling the Portal server detection function

| Item | Data | Description |
| --- | --- | --- |
| server-detect-enable | true | Enable the Portal server detection function. |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
    <portal-server xc:operation="merge">  
     <name>huawei</name>
     <server-detect-function>
      <server-detect-enable xc:operation="merge">true</server-detect-enable>
     </server-detect-function>
    </portal-server> 
   </portal>
  </config>
 </edit-config>
</rpc>  
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="37">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>parse rpc config error.</error-message>
  </rpc-error>
</rpc-reply>
Enabling the User Information Synchronization Function for Portal Authentication

This section provides a sample of enabling the user information synchronization function for Portal authentication using the merge method. You can also use the create method to enable the user information synchronization function for Portal authentication.

Table 2-464  Enabling the user information synchronization function for Portal authentication

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-aaa-portal/portal/portal-server/user-sync-function |

Data Requirement
Table 2-465  Enabling the user information synchronization function for Portal authentication

| Item | Data | Description |
| --- | --- | --- |
| user-sync-enable | true | Enable the user information synchronization function for Portal authentication. |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
    <portal-server xc:operation="merge">  
     <name>huawei</name>
     <user-sync-function>
      <user-sync-enable>true</user-sync-enable>
     </user-sync-function>    
    </portal-server> 
   </portal>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>parse rpc config error.</error-message>
  </rpc-error>
</rpc-reply>
Enabling the Device to Transparently Transmit User Authentication Responses Sent by the Authentication Server to the Portal Server

This section provides a sample of enabling the device to transparently transmit user authentication responses sent by the authentication server to the Portal server using the merge method. You can also use the create method to enable the device to transparently transmit user authentication responses sent by the authentication server to the Portal server.

Table 2-466  Enabling the device to transparently transmit user authentication responses sent by the authentication server to the Portal server

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-aaa-portal:portal/reply-message-enable |

Data Requirements
Table 2-467  Enabling the device to transparently transmit user authentication responses sent by the authentication server to the Portal server

| Item | Data | Description |
| --- | --- | --- |
| reply-message-enable | true | Enable the device to transparently transmit user authentication responses sent by the authentication server to the Portal server. |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8"> 
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
    <reply-message-enable>true</reply-message-enable>
   </portal>
  </config>
 </edit-config>
</rpc>  
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply>
Configuring the Re-transmission Times and Interval for Portal Authentication User Logout Packets

This section provides a sample of configuring the re-transmission times and interval for Portal authentication user logout packets using the merge method. You can also use the create method to configure the re-transmission times and interval for Portal authentication user logout packets.

Table 2-468  Configuring the re-transmission times and interval for Portal authentication user logout packets

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-aaa-portal:portal/logout-resend-function/interval |
| | /huawei-aaa-portal:portal/logout-resend-function/times |

Data Requirements
Table 2-469  Configuring the re-transmission times and interval for Portal authentication user logout packets

| Item | Data | Description |
| --- | --- | --- |
| interval | 15 | Configure the re-transmission times to 10 and interval to 15 seconds for Portal authentication user logout packets. |
| times | 10 | |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8"> 
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
    <logout-resend-function>
     <interval>15</interval>
     <times>10</times>
    </logout-resend-function>
   </portal>
  </config>
 </edit-config>
</rpc> 
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply>
Configuring the Portal Protocol Version Supported by the Device

This section provides a sample of configuring the Portal protocol version supported by the device using the merge method.

Table 2-470  Configuring the Portal protocol version supported by the device

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-aaa-portal:portal/version |

Data Requirements
Table 2-471  Configuring the Portal protocol version supported by the device

| Item | Data | Description |
| --- | --- | --- |
| version | v1v2 | Set the Portal protocol version supported by the device to version V1.0 or V2.0. |

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-aaa-portal:portal xmlns:hw-aaa-portal="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
        <hw-aaa-portal:version>v1v2</hw-aaa-portal:version>
      </hw-aaa-portal:portal>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="3">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-aaa-portal:portal</error-path>
    <error-message>parse rpc config error.(Unknown element "version".).</error-message>
  </rpc-error>
</rpc-reply>
Configuring a Device to Process User Logout Requests Sent by a Portal Server Other Than the One From Which Users Log In

This section provides a sample of configuring a device to process user logout requests sent by a Portal server other than the one from which users log in using the merge method.

Table 2-472  Configuring a device to process user logout requests sent by a Portal server other than the one from which users log in

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-aaa-portal:portal/logout-different-server-enable |

Data Requirements
Table 2-473  Configuring a device to process user logout requests sent by a Portal server other than the one from which users log in

| Item | Data | Description |
| --- | --- | --- |
| logout-different-server-enable | true | Configure a device to process user logout requests sent by a Portal server other than the one from which users log in. |

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-aaa-portal:portal xmlns:hw-aaa-portal="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
        <hw-aaa-portal:logout-different-server-enable>true</hw-aaa-portal:logout-different-server-enable>
      </hw-aaa-portal:portal>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="12">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-aaa-portal:portal/logout-different-server-enable</error-path>
    <error-message>parse rpc config error.(Invalid value "1" in "logout-different-server-enable" element.).</error-message>
  </rpc-error>
</rpc-reply>
Configuring the Source IP Address Used by the Device to Communicate with the Portal Server in the System View

This section provides a sample of configuring the source IP address used by the device to communicate with the Portal server in the system view using the merge method.

Table 2-474  Configuring the source IP address used by the device to communicate with the Portal server in the system view

Operation

XPATH

edit-config:merge

/huawei-aaa-portal:portal/global-source-ip/ip/ip-address

Data Requirements
Table 2-475  Configuring the source IP address used by the device to communicate with the Portal server in the system view

Item

Data

Description

ip-address

192.168.1.100

Set the source IP address used by the device to communicate with the Portal server in the system view to 192.168.1.100.

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-aaa-portal:portal xmlns:hw-aaa-portal="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
        <hw-aaa-portal:ip-address>192.168.1.100</hw-aaa-portal:ip-address>
      </hw-aaa-portal:portal>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-aaa-portal:portal</error-path>
    <error-message>parse rpc config error.(Unknown element "ip-address".).</error-message>
  </rpc-error>
</rpc-reply>
Configuring Parameters in the URL

This section provides a sample of using the merge method to configure parameters in the URL.

Table 2-476  Configuring parameters in the URL

Operation

XPATH

edit-config:merge

/huawei-aaa-portal:portal/url-template/url-parameter/login-url/key

/huawei-aaa-portal:portal/url-template/url-parameter/login-url/value

/huawei-aaa-portal:portal/url-template/url-parameter/user-vlan

/huawei-aaa-portal:portal/url-template/url-parameter/set-parameter-value/set-ac-ip/source-type/ip/ip-address

/huawei-aaa-portal:portal/url-template/url-parameter/set-parameter-value/set-ap-ip/source-type/ip/ip-address

Data Requirements
Table 2-477  Configuring parameters in the URL

Item

Data

Description

name

huawei

Configure the URL template named huawei.

user-vlan

vlan1

Set the user VLAN to VLAN 1.

key

key1

Set the user login keyword to key1.

value

12

Set the URL value to 12.

set-ac-ip

1.1.1.1

Set the IP address of AC to 1.1.1.1.

set-ap-ip

2.2.2.2

Set the IP address of AP to 2.2.2.2.

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-aaa-portal:portal xmlns:hw-aaa-portal="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
        <hw-aaa-portal:url-template>
          <hw-aaa-portal:name>huawei</hw-aaa-portal:name>
          <hw-aaa-portal:url-parameter>
           <hw-aaa-portal:user-vlan>vlan1</hw-aaa-portal:user-vlan>
           <hw-aaa-portal:login-url>
              <hw-aaa-portal:key>key1</hw-aaa-portal:key>
              <hw-aaa-portal:value>12</hw-aaa-portal:value>
            </hw-aaa-portal:login-url>            
            <hw-aaa-portal:set-parameter-value>
              <hw-aaa-portal:set-ac-ip>
                <hw-aaa-portal:ip-address>1.1.1.1</hw-aaa-portal:ip-address>
              </hw-aaa-portal:set-ac-ip>
              <hw-aaa-portal:set-ap-ip>
                <hw-aaa-portal:ip-address>2.2.2.2</hw-aaa-portal:ip-address>
              </hw-aaa-portal:set-ap-ip>
            </hw-aaa-portal:set-parameter-value>
          </hw-aaa-portal:url-parameter>
        </hw-aaa-portal:url-template>
      </hw-aaa-portal:portal>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="6">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-aaa-portal:portal/url-template[name='huawei']/url-parameter</error-path>
    <error-message>parse rpc config error.(Unknown element "set-parameter-value".).</error-message>
  </rpc-error>
</rpc-reply>
Binding a URL Template to a Portal Server Template and Encrypting Parameters in the URL Template

This section provides a sample of using the merge method to bind a URL template to a Portal server template and encrypt parameters in the URL template.

Table 2-478  Binding a URL template to a Portal server template and encrypting parameters in the URL template

Operation

XPATH

edit-config:merge

/huawei-aaa-portal:portal/portal-server/url-template/name

/huawei-aaa-portal:portal/portal-server/url-template/ciphered-parameter-name

/huawei-aaa-portal:portal/portal-server/url-template/iv-parameter-name

/huawei-aaa-portal:portal/portal-server/url-template/key

Data Requirements
Table 2-479  Binding a URL template to a Portal server template and encrypting parameters in the URL template

Item

Data

Description

name

huawei

Configure the Portal server template named huawei.

url-template

abc

Configure the URL template named abc.

ciphered-parameter-name

key1

Configure the name of the encrypted URL template parameter to key1.

iv-parameter-name

iv2

Configure the encryption vector name of the URL template parameter to iv2.

key

huawei@123

Set the encryption key for encrypting the URL template parameter to huawei@123.

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-aaa-portal:portal xmlns:hw-aaa-portal="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
        <hw-aaa-portal:portal-server>
          <hw-aaa-portal:name>huawei</hw-aaa-portal:name>
          <hw-aaa-portal:url-template>
            <hw-aaa-portal:name>abc</hw-aaa-portal:name>
            <hw-aaa-portal:ciphered-parameter-name>key1</hw-aaa-portal:ciphered-parameter-name>
            <hw-aaa-portal:iv-parameter-name>iv2</hw-aaa-portal:iv-parameter-name>
            <hw-aaa-portal:key>huawei@123</hw-aaa-portal:key>
          </hw-aaa-portal:url-template>
        </hw-aaa-portal:portal-server>
      </hw-aaa-portal:portal>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="18">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Exec cmd url template error</error-message>
    <error-info>Error on node /huawei-aaa-portal:portal/portal-server[name="huawei"]/url-template/name</error-info>
  </rpc-error>
</rpc-reply>
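
The failed responses in this section come in two shapes: the standard one with error-type, error-tag, error-severity and error-path, and a device-specific one with only error-app-tag, error-message and an error-info text of the form "Error on node ...". The following is an added example, not Huawei code, of a client-side parser that normalises both shapes and treats a request as applied only when the reply carries ok and echoes the request's message-id; the function and class names are this example's own, and the two error samples are copied from this page.

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Optional

NC = "{urn:ietf:params:xml:ns:netconf:base:1.0}"
NODE_RE = re.compile(r"Error on node\s+(\S.*)")


@dataclass
class RpcError:
    tag: Optional[str]       # <error-tag>; absent in the device-specific shape
    app_tag: Optional[str]   # <error-app-tag>; seen only in the device-specific shape
    path: Optional[str]      # <error-path>, or the node named in the <error-info> text
    message: str


@dataclass
class RpcResult:
    message_id: Optional[str]
    ok: bool
    errors: List[RpcError] = field(default_factory=list)


def _text(parent, name):
    el = parent.find(NC + name)
    return el.text.strip() if el is not None and el.text else None


def parse_rpc_reply(xml_text: str) -> RpcResult:
    # RFC 6241 forbids DOCTYPE in NETCONF content; refuse it before parsing so
    # a faulty or hostile peer cannot hand entity definitions to the XML parser.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE not allowed in NETCONF content")
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    if root.tag != NC + "rpc-reply":
        raise ValueError("not an rpc-reply: %s" % root.tag)
    errors = []
    for err in root.findall(NC + "rpc-error"):
        path = _text(err, "error-path")
        if path is None:  # device-specific shape: the node is inside the text
            match = NODE_RE.search(_text(err, "error-info") or "")
            path = match.group(1).strip() if match else None
        errors.append(RpcError(
            tag=_text(err, "error-tag"),
            app_tag=_text(err, "error-app-tag"),
            path=path,
            message=_text(err, "error-message") or "",
        ))
    # A reply with neither <ok/> nor <rpc-error> is not treated as success.
    ok = root.find(NC + "ok") is not None and not errors
    return RpcResult(root.get("message-id"), ok, errors)


def applied(result: RpcResult, sent_message_id: str) -> bool:
    """True only if the reply is <ok/> and answers the request that was sent."""
    return result.ok and result.message_id == sent_message_id


REPLY_OK = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>"""

# Standard shape, copied from the logout-different-server-enable sample.
REPLY_STANDARD_ERROR = """<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="12">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-aaa-portal:portal/logout-different-server-enable</error-path>
    <error-message>parse rpc config error.(Invalid value "1" in "logout-different-server-enable" element.).</error-message>
  </rpc-error>
</rpc-reply>"""

# Device-specific shape, copied from the URL template binding sample.
REPLY_DEVICE_ERROR = """<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="18">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Exec cmd url template error</error-message>
    <error-info>Error on node /huawei-aaa-portal:portal/portal-server[name="huawei"]/url-template/name</error-info>
  </rpc-error>
</rpc-reply>"""

if __name__ == "__main__":
    for sample in (REPLY_OK, REPLY_STANDARD_ERROR, REPLY_DEVICE_ERROR):
        result = parse_rpc_reply(sample)
        print(result.message_id, result.ok, [(e.tag, e.app_tag, e.path) for e in result.errors])
```
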
Configuring the IP Address of a Specified Interface as the Source IP Address Used by the Device to Communicate with the Portal Server

This section provides a sample of using the merge method to configure the IP address of a specified interface as the source IP address used by the device to communicate with the Portal server.

Table 2-480  Configuring the IP address of a specified interface as the source IP address used by the device to communicate with the Portal server

Operation

XPATH

edit-config:merge

/huawei-aaa-portal:portal/portal-server/source-ip-address/interface/loopback-interface

Data Requirements
Table 2-481  Configuring the IP address of a specified interface as the source IP address used by the device to communicate with the Portal server

Item

Data

Description

name

huawei

Configure the Portal server template named huawei.

loopback-interface

loopback1

Set the interface number to loopback1.

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-aaa-portal:portal xmlns:hw-aaa-portal="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
        <hw-aaa-portal:portal-server>
          <hw-aaa-portal:name>huawei</hw-aaa-portal:name>
          <hw-aaa-portal:loopback-interface>loopback1</hw-aaa-portal:loopback-interface>
        </hw-aaa-portal:portal-server>
      </hw-aaa-portal:portal>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="20">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>invalid-value</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-aaa-portal:portal/portal-server[name='huawei']/loopback-interface</error-path>
    <error-message>validation failed(Leafref "/ietf-interfaces:interfaces/ietf-interfaces:interface/ietf-interfaces:name" of value "loopback100" points to a non-existing leaf.).</error-message>
  </rpc-error>
</rpc-reply>
Configuring the Device to Allow Users to Submit the User Name and Password to the Device in GET Mode During Portal Authentication

This section provides a sample of using the merge method to configure the device to allow users to submit the user name and password to the device in GET mode during Portal authentication.

Table 2-482  Configuring the device to allow users to submit the user name and password to the device in GET mode during Portal authentication

Operation

XPATH

edit-config:merge

/huawei-aaa-portal:portal/portal-server/http-method-parameters/get-method-enable

Data Requirements
Table 2-483  Configuring the device to allow users to submit the user name and password to the device in GET mode during Portal authentication

Item

Data

Description

name

huawei

Configure the Portal server template named huawei.

get-method-enable

true

Configure the device to allow users to submit the user name and password to the device in GET mode during Portal authentication.

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-aaa-portal:portal xmlns:hw-aaa-portal="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
        <hw-aaa-portal:portal-server>
          <hw-aaa-portal:name>huawei</hw-aaa-portal:name>
          <hw-aaa-portal:http-method-parameters>
            <hw-aaa-portal:get-method-enable>true</hw-aaa-portal:get-method-enable>
          </hw-aaa-portal:http-method-parameters>
        </hw-aaa-portal:portal-server>
      </hw-aaa-portal:portal>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-aaa-portal:portal/portal-server[name='huawei']/http-method-parameters/get-method-enable</error-path>
    <error-message>parse rpc config error.(Invalid value "1" in "get-method-enable" element.).</error-message>
  </rpc-error>
</rpc-reply>
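
Two requests in this section deserve a review step before they are sent or stored: the URL template binding carries the encryption key as element text, and get-method-enable makes users submit the user name and password in GET mode, that is, in the request URL. The following is an added example, not Huawei code, that audits an edit-config payload for both settings and produces a copy with the key masked for logs or version control; the sample payload is constructed by combining the two request examples on this page, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

AAA_PORTAL = "urn:huawei:params:xml:ns:yang:huawei-aaa-portal"
P = "{" + AAA_PORTAL + "}"
MASK = "******"

# Keep the page's prefix when a redacted payload is serialised again.
ET.register_namespace("hw-aaa-portal", AAA_PORTAL)

FINDINGS = {
    "get-method-enable": "user name and password are submitted in the request URL (GET mode)",
    "url-template/key": "URL template encryption key is carried in clear text in this payload",
}

# Constructed sample: the URL template binding and GET mode requests merged
# into one portal-server entry.
SAMPLE_PAYLOAD = """<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-aaa-portal:portal xmlns:hw-aaa-portal="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
        <hw-aaa-portal:portal-server>
          <hw-aaa-portal:name>huawei</hw-aaa-portal:name>
          <hw-aaa-portal:url-template>
            <hw-aaa-portal:name>abc</hw-aaa-portal:name>
            <hw-aaa-portal:ciphered-parameter-name>key1</hw-aaa-portal:ciphered-parameter-name>
            <hw-aaa-portal:iv-parameter-name>iv2</hw-aaa-portal:iv-parameter-name>
            <hw-aaa-portal:key>huawei@123</hw-aaa-portal:key>
          </hw-aaa-portal:url-template>
          <hw-aaa-portal:http-method-parameters>
            <hw-aaa-portal:get-method-enable>true</hw-aaa-portal:get-method-enable>
          </hw-aaa-portal:http-method-parameters>
        </hw-aaa-portal:portal-server>
      </hw-aaa-portal:portal>
    </config>
  </edit-config>
</rpc>"""


def _parse(xml_text):
    return ET.fromstring(xml_text.strip().encode("utf-8"))


def _server_name(server):
    return (server.findtext(P + "name") or "?").strip()


def _key_elements(root):
    """Yield (portal-server name, <key> element) for every non-empty key."""
    for server in root.iter(P + "portal-server"):
        key = server.find(P + "url-template/" + P + "key")
        if key is not None and (key.text or "").strip():
            yield _server_name(server), key


def audit_payload(xml_text):
    """Return [(portal-server name, leaf)] for settings that need review."""
    root = _parse(xml_text)
    found = []
    for server in root.iter(P + "portal-server"):
        flag = server.findtext(P + "http-method-parameters/" + P + "get-method-enable")
        if (flag or "").strip() == "true":
            found.append((_server_name(server), "get-method-enable"))
    for name, _ in _key_elements(root):
        found.append((name, "url-template/key"))
    return found


def redact_payload(xml_text):
    """Return the payload with every URL template key replaced by MASK."""
    root = _parse(xml_text)
    for _, key in _key_elements(root):
        key.text = MASK
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for server, leaf in audit_payload(SAMPLE_PAYLOAD):
        print("portal-server %s: %s: %s" % (server, leaf, FINDINGS[leaf]))
    print(redact_payload(SAMPLE_PAYLOAD))
```

Log or commit only the output of redact_payload; the original string still contains the key.
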
Configuring Parameters for Parsing and Replying to POST Request Packets of the HTTP or HTTPS Protocol

This section provides a sample of using the merge method to configure parameters for parsing and replying to POST request packets of the HTTP or HTTPS protocol.

Table 2-484  Configuring parameters for parsing and replying to POST request packets of the HTTP or HTTPS protocol

Operation

XPATH

edit-config:merge

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/cmd-key/cmd-key

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/cmd-key/login-key

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/cmd-key/logout-key

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/password-key/password-key

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/initial-url-key/init-url-key

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/user-ip-key/user-ip-key

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/user-mac-key/user-mac-key

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/user-name-key/user-name-key

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/response-parameters/login-fail

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/response-parameters/login-success

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/response-parameters/logout-fail

/huawei-aaa-portal:portal/portal-server/http-method-parameters/post-parameters/response-parameters/logout-success

Data Requirements
Table 2-485  Configuring parameters for parsing and replying to POST request packets of the HTTP or HTTPS protocol

Item

Data

Description

name

huawei

Configure the Portal server template named huawei.

cmd-key

key1

Set the user login identification keyword to key1.

login-key

key2

Set the user logout identification keyword to key2.

logout-key

key3

Set the command identification keyword to key3.

password-key

psw1

Set the password identification keyword to psw1.

init-url-key

key1

Set the identification keyword for the user initial login URL to key1.

user-ip-key

key1

Set the identification keyword for the user IP address to key1.

user-mac-key

key1

Set the identification keyword for the user MAC address to key1.

user-name-key

key1

Set the user name identification keyword to key1.

message

msg1

Set the response message upon a user login failure to msg1.

message

msg2

Set the response message upon a user login success to msg2.

message

msg3

Set the response message upon a user logout failure to msg3.

message

msg4

Set the response message upon a user logout success to msg4.

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-aaa-portal:portal xmlns:hw-aaa-portal="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
        <hw-aaa-portal:portal-server>
          <hw-aaa-portal:name>huawei</hw-aaa-portal:name>
          <hw-aaa-portal:http-method-parameters>
            <hw-aaa-portal:post-parameters>
              <hw-aaa-portal:cmd-key>
                <hw-aaa-portal:cmd-key>key1</hw-aaa-portal:cmd-key>
                <hw-aaa-portal:login-key>key2</hw-aaa-portal:login-key>
                <hw-aaa-portal:logout-key>key3</hw-aaa-portal:logout-key>
              </hw-aaa-portal:cmd-key>
              <hw-aaa-portal:password-key>
                <hw-aaa-portal:password-key>psw1</hw-aaa-portal:password-key>
              </hw-aaa-portal:password-key>
              <hw-aaa-portal:initial-url-key>
                <hw-aaa-portal:init-url-key>key1</hw-aaa-portal:init-url-key>
              </hw-aaa-portal:initial-url-key>
              <hw-aaa-portal:user-ip-key>
                <hw-aaa-portal:user-ip-key>key1</hw-aaa-portal:user-ip-key>
              </hw-aaa-portal:user-ip-key>
              <hw-aaa-portal:user-mac-key>
                <hw-aaa-portal:user-mac-key>key1</hw-aaa-portal:user-mac-key>
              </hw-aaa-portal:user-mac-key>
              <hw-aaa-portal:user-name-key>
                <hw-aaa-portal:user-name-key>key1</hw-aaa-portal:user-name-key>
              </hw-aaa-portal:user-name-key>
              <hw-aaa-portal:response-parameters>
                <hw-aaa-portal:login-fail>
                  <hw-aaa-portal:message>msg1</hw-aaa-portal:message>
                </hw-aaa-portal:login-fail>
                <hw-aaa-portal:login-success>
                  <hw-aaa-portal:message>msg2</hw-aaa-portal:message>
                </hw-aaa-portal:login-success>
                <hw-aaa-portal:logout-fail>
                  <hw-aaa-portal:message>msg3</hw-aaa-portal:message>
                </hw-aaa-portal:logout-fail>
                <hw-aaa-portal:logout-success>
                  <hw-aaa-portal:message>msg4</hw-aaa-portal:message>
                </hw-aaa-portal:logout-success>
              </hw-aaa-portal:response-parameters>
            </hw-aaa-portal:post-parameters>
          </hw-aaa-portal:http-method-parameters>
        </hw-aaa-portal:portal-server>
      </hw-aaa-portal:portal>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="16">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-aaa-portal:portal/portal-server[name='huawei']/http-method-parameters/post-parameters/response-parameters/logout-fail/redirect-url</error-path>
    <error-message>parse rpc config error.(Data for more than one case branch of "response" choice present.).</error-message>
  </rpc-error>
</rpc-reply>

Configuring a Portal Access Profile

This section describes the configuration model of Portal access profile and provides examples of XML packets.

Data Model

The configuration model file matching Portal access profile is huawei-nac-portal.yang.

Table 2-486  Data model

Object

Description

Value

Remarks

/huawei-nac-portal

Indicates that the request operation (creation, deletion, or modification) object is nac-portal. This object is the root object. It is only used to contain sub-objects, but does not have any data meaning.

N/A

N/A

/huawei-nac-portal/portal-access/configure-mode/unified-mode/portal-access-profile

Indicates that a Portal access profile is created.

The value is a string of 1 to 31 case-sensitive characters. It cannot be - or -- and cannot contain spaces or the following symbols: / \ : * ? " < > | @ ' %.

N/A

/huawei-nac-portal/portal-access/configure-mode/unified-mode/portal-access-profile/portal-server/portal-server

Indicates that a Portal server template is bound to the Portal access profile.

The value must be the name of an existing Portal server template.

N/A

/huawei-nac-portal:portal-access/configure-mode/unified-mode/portal-access-profile/portal-server/bak-portal-server

Indicates that a backup Portal server template is bound to the Portal access profile.

The value must be the name of an existing Portal server template.

N/A

/huawei-nac-portal/portal-access/configure-mode/unified-mode/portal-access-profile/portal-mode

Indicates that the Portal authentication mode for the Portal access profile is configured.

Enumerated type:

  • direct: Layer 2 Portal authentication
  • layer3: Layer 3 Portal authentication

N/A

/huawei-nac-portal/portal-access/configure-mode/unified-mode/portal-access-profile/portal-authentication-timer/offline-detect

Indicates that the offline detection interval for Portal authentication users is configured.

The value is 0 or an integer that ranges from 30 to 7200, in seconds. The default value is 300.

The value 0 indicates that user offline detection is not performed.

N/A

/huawei-nac-portal/portal-access/https-redirect-enable

Indicates whether HTTPS redirection of Portal authentication is enabled.

Boolean type:

  • true: enabled
  • false: disabled

N/A

/huawei-nac-portal:portal-access/configure-mode/unified-mode/portal-access-profile/authorize-of-authentication-event/authorize-parameters/service-scheme

Indicates that network access rights are configured (using a service scheme) for users when the Portal server is Down.

N/A

N/A

/huawei-nac-portal/portal-access/configure-mode/unified-mode/portal-access-profile/authorize-of-authentication-event/authorize-parameters/ucl-group

Indicates that network access rights are configured (using a UCL group) for users when the Portal server is Down.

N/A

N/A

/huawei-nac-portal:portal-access/configure-mode/unified-mode/portal-access-profile/re-authen-trigger-event

Indicates that the switch is configured to re-authenticate users when the Portal server changes from Down to Up.

N/A

N/A

/huawei-nac-portal:portal-access/redirect-http-port

Indicates the user-defined destination port number for HTTP packets that trigger Portal redirection.

The value is an integer in the range from 1024 to 65535.

N/A

/huawei-nac-portal:portal-access/url-encode-enable

Indicates whether to enable URL encoding and decoding.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A

/huawei-nac-portal:portal-access/user-roam-reply-enable

Indicates whether to enable the device to respond to the Portal server with the IP address of the new AP after a wireless user roams to the new AP.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A

/huawei-nac-portal:portal-access/web-authen-server-protocol

Configures the Portal interconnection function of the HTTP or HTTPS protocol.

  • ssl-policy: indicates the SSL policy.
  • port: indicates the port number.

  • ssl-policy: The value must be the name of an existing SSL policy.
  • port: The value can be any integer in the range from 1025 to 65535.

N/A

/huawei-nac-portal:portal-access/portal-max-user-num

Indicates the maximum number of concurrent Portal authentication users allowed to access the device.

The value is an integer that varies depending on the card type.

N/A

/huawei-nac-portal:portal-access/user-alarm

Indicates the alarm threshold for the Portal authentication user count percentage.

The value is an integer in the range from 1 to 100, but the upper alarm threshold must be larger than or equal to the lower alarm threshold.

N/A

/huawei-nac-portal:portal-access/quiet-function/quiet-enable

Indicates whether to enable the quiet function for Portal authentication.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A

/huawei-nac-portal:portal-access/quiet-function/quiet-period

Indicates the quiet period of Portal authentication users who fail to be authenticated.

The value is an integer in the range from 10 to 3600, in seconds.

N/A

/huawei-nac-portal:portal-access/quiet-function/quiet-times

Indicates the maximum number of authentication failures within 60 seconds before the device quiets a Portal authentication user.

The value is an integer in the range from 1 to 10.

N/A

/huawei-nac-portal:portal-access/local-portal-server/local-server-ip

Indicates the IP address for the built-in Portal server.

The value is in dotted decimal notation.

N/A

/huawei-nac-portal:portal-access/local-portal-server/local-server-url

Indicates the URL address for the built-in Portal server.

The value is a string of 1 to 64 case-sensitive characters without spaces.

N/A

/huawei-nac-portal:portal-access/local-portal-server/local-portal-server-protocol

Configures the built-in Portal server function.

  • ssl-policy: indicates the SSL policy.
  • port: indicates the port number.

  • ssl-policy: The value must be the name of an existing SSL policy.
  • port: The value can be 443 or any integer in the range from 1025 to 55535.

N/A

/huawei-nac-portal:portal-access/configure-mode/unified-mode/portal-access-profile/authentication-network

Indicates the source subnet for Portal authentication.

  • ip: indicates the IP address.
  • prefix-length: indicates the mask.

  • ip: The value is in dotted decimal notation.
  • prefix-length: The value is an integer in the range from 1 to 32.

N/A

/huawei-nac-portal:portal-access/configure-mode/unified-mode/portal-access-profile/local-portal-function/local-server-enable

Indicates whether to enable the built-in Portal server function in the Portal access profile.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A

/huawei-nac-portal:portal-access/configure-mode/unified-mode/portal-access-profile/local-portal-function/anonymous-function

Indicates whether to enable anonymous redirection for users authenticated through the built-in Portal server.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A

/huawei-nac-portal:portal-access/configure-mode/unified-mode/portal-access-profile/http-proxy-redirect-function

Indicates whether to enable the HTTP proxy function of the Portal server.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A
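
The value rules in Table 2-486 can be checked on the client before an edit-config is sent, so that a typo such as 1 for a Boolean is caught locally instead of coming back as an rpc-error. The following is an added example, not Huawei code, covering a subset of the leaves in the table; leaves are keyed by the last component of their path, values are passed as the strings that would appear in the XML, and the function names are this example's own.

```python
import ipaddress
import re

# Characters the table forbids in a Portal access profile name (space included).
FORBIDDEN_IN_NAME = set(' /\\:*?"<>|@\'%')


def check_name(value):
    if not 1 <= len(value) <= 31:
        return "must be 1 to 31 characters"
    if value in ("-", "--"):
        return "cannot be - or --"
    bad = sorted(set(value) & FORBIDDEN_IN_NAME)
    if bad:
        return "contains forbidden characters: " + " ".join(repr(c) for c in bad)
    return None


def int_range(low, high, also=()):
    """Build a check for an integer in low..high, plus any values in `also`."""
    def check(value):
        if not re.fullmatch(r"[0-9]+", value):
            return "must be an integer"
        number = int(value)
        if number in also or low <= number <= high:
            return None
        extra = "".join("%d or " % n for n in also)
        return "must be %s%d to %d" % (extra, low, high)
    return check


def boolean(value):
    # YANG booleans are the literals true and false; 1 and 0 are rejected.
    return None if value in ("true", "false") else "must be true or false"


def one_of(*allowed):
    def check(value):
        return None if value in allowed else "must be one of: " + ", ".join(allowed)
    return check


def dotted_decimal(value):
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return "must be an IPv4 address in dotted decimal notation"
    return None


# Leaf name -> check, with ranges as given in Table 2-486.
RULES = {
    "name": check_name,
    "portal-mode": one_of("direct", "layer3"),
    "offline-detect": int_range(30, 7200, also=(0,)),
    "https-redirect-enable": boolean,
    "redirect-http-port": int_range(1024, 65535),
    "url-encode-enable": boolean,
    "quiet-enable": boolean,
    "quiet-period": int_range(10, 3600),
    "quiet-times": int_range(1, 10),
    "local-server-ip": dotted_decimal,
    "prefix-length": int_range(1, 32),
}


def validate(leaves):
    """Return {leaf: problem} for every leaf that breaks its rule."""
    problems = {}
    for leaf, value in leaves.items():
        rule = RULES.get(leaf)
        if rule is None:
            problems[leaf] = "no rule defined for this leaf"
            continue
        message = rule(str(value))
        if message:
            problems[leaf] = message
    return problems


if __name__ == "__main__":
    # Constructed input: one valid profile and one with three mistakes.
    print(validate({"name": "test", "portal-mode": "direct", "offline-detect": "300"}))
    print(validate({"name": "guest@lab", "offline-detect": "10", "https-redirect-enable": "1"}))
```
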

Creating a Portal Access Profile

This section provides a sample of creating a Portal access profile using the merge method. You can also use the create method to create a Portal access profile.

Table 2-487  Creating a Portal access profile

Operation

XPATH

edit-config:merge

/huawei-nac-portal:portal-access/configure-mode/unified-mode/portal-access-profile/portal-server/portal-server

/huawei-nac-portal:portal-access/configure-mode/unified-mode/portal-access-profile/portal-server/bak-portal-server

/huawei-nac-portal:portal-access/configure-mode/unified-mode/portal-access-profile/portal-mode

Data Requirement
Table 2-488  Portal access profile

Item

Data

Description

name

test

Create the Portal access profile test.

portal-server

webauthserver

Configure the Portal server template webauthserver bound to the Portal access profile test.

bak-portal-server

webauthbakserver

Configure the backup Portal server template webauthbakserver bound to the Portal access profile test.

Request Example
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <target>
    <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
    <portal-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac-portal">
      <portal-access-profile xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:operation="merge">
        <name>test</name>
        <portal-server ns0:operation="merge">
          <portal-server>webauthserver</portal-server>
          <bak-portal-server>webauthbakserver</bak-portal-server>
        </portal-server>
        <portal-mode>direct</portal-mode>
      </portal-access-profile>
    </portal-access>
    <portal xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa-portal">
      <portal-server xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:operation="merge">
        <name>webauthserver</name>
        <portal-server-ip>11.11.11.11</portal-server-ip>
        <destination-port>
          <port>50100</port>
          <always>true</always>
        </destination-port>
      </portal-server>
      <portal-server xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:operation="merge">
        <name>webauthbakserver</name>
        <portal-server-ip>22.22.22.22</portal-server-ip>
        <destination-port>
          <port>50100</port>
          <always>true</always>
        </destination-port>
      </portal-server>
    </portal>
  </config>
</edit-config>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply>  

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="38">
  <rpc-error>
    <error-app-tag>1</error-app-tag>
    <error-message>Service process failed.</error-message>
    <error-info>Error on node /huawei-nac-portal:portal-access/portal-access-profile[name="test"]/name</error-info>
  </rpc-error>
</rpc-reply>
Enabling HTTPS Redirection of Portal Authentication

This section provides a sample of enabling HTTPS redirection of Portal authentication using the merge method. You can also use the create method to enable HTTPS redirection of Portal authentication.

Table 2-489  Enabling HTTPS redirection of Portal authentication

Operation

XPATH

edit-config:merge

/huawei-nac-portal/portal-access/https-redirect-enable

Data Requirement
Table 2-490  Enabling HTTPS redirection of Portal authentication

Item

Data

Description

https-redirect-enable

true

Enable HTTPS redirection of Portal authentication.

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
   <portal-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac-portal">
    <https-redirect-enable xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:operation="merge">true</https-redirect-enable>
   </portal-access>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply>  

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="39">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>parse rpc config error.</error-message>
  </rpc-error>
</rpc-reply>
Configuring Network Access Rights for Users When the Portal Server Is Down (Using a Service Scheme)

This section provides a sample of using the merge method to configure network access rights for users when the Portal server is Down (using a service scheme). You can also use the create method to configure network access rights for users when the Portal server is Down (using a service scheme).

Table 2-491  Configuring network access rights for users when the Portal server is Down (using a service scheme)

Operation

XPATH

edit-config:merge

/huawei-nac-portal:portal-access/configure-mode/unified-mode/portal-access-profile/authorize-of-authentication-event/authorize-parameters/service-scheme

Data Requirement
Table 2-492  Configuring network access rights for users when the Portal server is Down (using a service scheme)

Item

Data

Description

service-scheme

serscheme_2

Configure network access rights for users when the Portal server is Down (using the service scheme serscheme_2).

Request Example
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <target>
    <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
    <portal-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac-portal">
      <portal-access-profile xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:operation="merge">
        <name>portal_1</name>
        <authorize-of-authentication-event>
          <authentication-event>portal-server-down</authentication-event>
          <service-scheme>serscheme_2</service-scheme>
        </authorize-of-authentication-event>
      </portal-access-profile>
    </portal-access>
    <aaa xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa">
      <service-scheme xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:operation="merge">
        <name>serscheme_2</name>
        <vsys>vsys</vsys>
      </service-scheme>
    </aaa>
  </config>
</edit-config>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply>  

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="41">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message> Service Scheme lsw_ss does not exist.</error-message>
    <error-info>Error on node /huawei-nac-portal:portal-access/portal-access-profile[name="portal_1"]/authorize-of-authentication-event[authentication-event="portal-server-down"]/service-scheme</error-info>
  </rpc-error>
</rpc-reply>
Configuring Network Access Rights for Users When the Portal Server Is Down (Using a UCL Group)

This section provides a sample that uses the merge method to configure, through a UCL group, the network access rights that users receive when the Portal server is Down. The create method can also be used for this configuration.

Table 2-493  Configuring network access rights for users when the Portal server is Down (using a UCL group)

Operation | XPATH
edit-config:merge | /huawei-nac-portal:portal-access/configure-mode/unified-mode/portal-access-profile/authorize-of-authentication-event/authorize-parameters/user-group/ucl-group

Data Requirement

Table 2-494  Configuring network access rights for users when the Portal server is Down (using a UCL group)

Item | Data | Description
ucl-group | lsw_ucl | Configure network access rights for users when the Portal server is Down (using the UCL group lsw_ucl).

Request Example
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <target>
    <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
    <portal-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac-portal">
      <portal-access-profile xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:operation="merge">
        <name>portal_1</name>
        <authorize-of-authentication-event>
          <authentication-event>portal-server-down</authentication-event>
          <ucl-group>lsw_ucl</ucl-group>
        </authorize-of-authentication-event>
      </portal-access-profile>
    </portal-access>
    <nac-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac">
      <ucl-group xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:operation="merge">
        <index>20</index>
        <name>lsw_ucl</name>
      </ucl-group>
    </nac-access>
  </config>
</edit-config>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply>  

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="42">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message> UCL group lsw_ucl does not exist.</error-message>
    <error-info>Error on node /huawei-nac-portal:portal-access/portal-access-profile[name="portal_1"]/authorize-of-authentication-event[authentication-event="portal-server-down"]/ucl-group</error-info>
  </rpc-error>
</rpc-reply>
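
The failed-response samples in this section come in two shapes: one carries error-app-tag and an error-info string naming the failing node, the other carries error-type, error-tag and error-severity. The following added example (not part of the original reference or Huawei's code) normalises both so that automation treats a change as applied only when `<ok/>` is present and no rpc-error is returned; `parse_reply` is a hypothetical helper and the embedded replies are constructed from the samples above.

```python
import re
import xml.etree.ElementTree as ET

NC = "{urn:ietf:params:xml:ns:netconf:base:1.0}"
NODE_RE = re.compile(r"Error on node (\S+)")
KEY_RE = re.compile(r'\[([\w-]+)="([^"]*)"\]')

# Constructed inputs, shaped like the sample replies in this section.
REPLY_OK = ('<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" '
            'message-id="1"><ok/></rpc-reply>')
REPLY_MISSING = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="42">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message> UCL group lsw_ucl does not exist.</error-message>
    <error-info>Error on node /huawei-nac-portal:portal-access/portal-access-profile[name="portal_1"]/authorize-of-authentication-event[authentication-event="portal-server-down"]/ucl-group</error-info>
  </rpc-error>
</rpc-reply>"""
REPLY_PARSE = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="44">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>parse rpc config error.</error-message>
  </rpc-error>
</rpc-reply>"""


def parse_reply(xml_text):
    """Return message id, applied flag and a normalised list of rpc-error entries."""
    root = ET.fromstring(xml_text)
    errors = []
    for err in root.iter(NC + "rpc-error"):
        # Both shapes are flat lists of text children; absent fields stay absent.
        entry = {c.tag[len(NC):]: (c.text or "").strip() for c in err}
        node = NODE_RE.search(entry.get("error-info", ""))
        if node:  # first shape: the failing node is given as a path with list keys
            entry["node"] = node.group(1)
            entry["leaf"] = node.group(1).rsplit("/", 1)[-1]
            entry["keys"] = dict(KEY_RE.findall(node.group(1)))
        errors.append(entry)
    # Applied only when <ok/> is present and no rpc-error came back.
    applied = root.find(NC + "ok") is not None and not errors
    return {"message_id": root.get("message-id"), "applied": applied, "errors": errors}
```

The `keys` entry identifies which profile and authentication event the rejected authorization belonged to, which is what an operator needs in order to tell that the Portal-server-down rights were not applied to that profile.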
Configuring the Switch to Re-authenticate Users When the Portal Server Changes from Down to Up

This section provides a sample that uses the merge method to configure the switch to re-authenticate users when the Portal server changes from Down to Up. The create method can also be used for this configuration.

Table 2-495  Configuring the switch to re-authenticate users when the Portal server changes from Down to Up

Operation | XPATH
edit-config:merge | /huawei-nac-portal:portal-access/configure-mode/unified-mode/portal-access-profile/re-authen-trigger-event

Data Requirement

Table 2-496  Configuring the switch to re-authenticate users when the Portal server changes from Down to Up

Item | Data | Description
re-authen-trigger-event | portal-server-up | Configure the switch to re-authenticate users when the Portal server changes from Down to Up.

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
   <portal-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac-portal">
    <portal-access-profile xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:operation="merge">
     <name>test_name</name>
     <re-authen-trigger-event xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:operation="merge">portal-server-up</re-authen-trigger-event>
    </portal-access-profile>
   </portal-access>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply>  

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="44">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>parse rpc config error.</error-message>
  </rpc-error>
</rpc-reply>
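
The three preceding samples belong together from an access-control point of view: a profile can grant rights while the Portal server is Down (service scheme or UCL group), and re-authen-trigger-event decides whether users are re-authenticated once the server is Up again. The following added example (not part of the original reference) audits a configuration snapshot for profiles that grant Portal-server-down rights without the portal-server-up trigger. It assumes that retrieved configuration mirrors the element structure of the request samples; the snapshot is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

P = "{urn:huawei:params:xml:ns:yang:huawei-nac-portal}"

# Constructed snapshot; element names and values are taken from the request samples.
SNAPSHOT = """<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <portal-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac-portal">
    <portal-access-profile>
      <name>portal_1</name>
      <authorize-of-authentication-event>
        <authentication-event>portal-server-down</authentication-event>
        <service-scheme>serscheme_2</service-scheme>
      </authorize-of-authentication-event>
    </portal-access-profile>
    <portal-access-profile>
      <name>test_name</name>
      <authorize-of-authentication-event>
        <authentication-event>portal-server-down</authentication-event>
        <ucl-group>lsw_ucl</ucl-group>
      </authorize-of-authentication-event>
      <re-authen-trigger-event>portal-server-up</re-authen-trigger-event>
    </portal-access-profile>
  </portal-access>
</data>"""


def audit_escape_rights(xml_text):
    """List every right granted on portal-server-down and whether re-auth on Up is set."""
    rows = []
    for prof in ET.fromstring(xml_text).iter(P + "portal-access-profile"):
        name = prof.findtext(P + "name")
        triggers = {e.text for e in prof.findall(P + "re-authen-trigger-event")}
        for ev in prof.findall(P + "authorize-of-authentication-event"):
            if ev.findtext(P + "authentication-event") != "portal-server-down":
                continue
            # Only the two authorization parameters shown in this section are checked.
            for kind in ("service-scheme", "ucl-group"):
                grant = ev.findtext(P + kind)
                if grant is not None:
                    rows.append({"profile": name, "kind": kind, "grant": grant,
                                 "reauth_on_up": "portal-server-up" in triggers})
    return rows


def needs_review(rows):
    """Profiles that grant Portal-server-down rights with no portal-server-up trigger."""
    return [r["profile"] for r in rows if not r["reauth_on_up"]]
```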
Configuring the Source Subnet for Portal Authentication

This section provides a sample of configuring the source subnet for Portal authentication using the merge method.

Table 2-497  Configuring the source subnet for Portal authentication

Operation | XPATH
edit-config:merge | /huawei-nac-portal:portal-access/configure-mode/unified-mode/portal-access-profile/authentication-network

Data Requirements

Table 2-498  Configuring the source subnet for Portal authentication

Item | Data | Description
name | profile1 | Configure the Portal access profile named profile1.
ip | 10.1.1.0 | Set the IP address to 10.1.1.0.
prefix-length | 24 | Set the prefix length to 24.

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-portal:portal-access xmlns:hw-nac-portal="urn:huawei:params:xml:ns:yang:huawei-nac-portal">
        <hw-nac-portal:portal-access-profile>
          <hw-nac-portal:name>profile1</hw-nac-portal:name>
          <hw-nac-portal:authentication-network xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
            <hw-nac-portal:ip>10.1.1.0</hw-nac-portal:ip>
            <hw-nac-portal:prefix-length>24</hw-nac-portal:prefix-length>
          </hw-nac-portal:authentication-network>
        </hw-nac-portal:portal-access-profile>
      </hw-nac-portal:portal-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <rpc-error>
  <error-type>application</error-type>
  <error-tag>operation-failed</error-tag>
  <error-severity>error</error-severity>
  <error-message>parse configuration error.</error-message>
 </rpc-error>
</rpc-reply>
Enabling the Built-in Portal Server Function in the Portal Access Profile

This section provides a sample of enabling the built-in Portal server function in the Portal access profile using the merge method.

Table 2-499  Enabling the built-in Portal server function in the Portal access profile

Operation | XPATH
edit-config:merge | /huawei-nac-portal:portal-access/configure-mode/unified-mode/portal-access-profile/local-portal-function/local-server-enable

Data Requirements

Table 2-500  Enabling the built-in Portal server function in the Portal access profile

Item | Data | Description
name | profile1 | Configure the Portal access profile named profile1.
local-server-enable | true | Enable the built-in Portal server function.

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-portal:portal-access xmlns:hw-nac-portal="urn:huawei:params:xml:ns:yang:huawei-nac-portal">
        <hw-nac-portal:portal-access-profile>
          <hw-nac-portal:name>profile1</hw-nac-portal:name>
          <hw-nac-portal:local-portal-function xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
            <hw-nac-portal:local-server-enable>true</hw-nac-portal:local-server-enable>
          </hw-nac-portal:local-portal-function>
        </hw-nac-portal:portal-access-profile>
      </hw-nac-portal:portal-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <rpc-error>
  <error-type>application</error-type>
  <error-tag>operation-failed</error-tag>
  <error-severity>error</error-severity>
  <error-message>parse configuration error.</error-message>
 </rpc-error>
</rpc-reply>
Configuring Anonymous Redirection for Users Authenticated Through the Built-in Portal Server

This section provides a sample of configuring anonymous redirection for users authenticated through the built-in Portal server using the merge method.

Table 2-501  Configuring anonymous redirection for users authenticated through the built-in Portal server

Operation | XPATH
edit-config:merge | /huawei-nac-portal:portal-access/configure-mode/unified-mode/portal-access-profile/local-portal-function/anonymous-function

Data Requirements

Table 2-502  Configuring anonymous redirection for users authenticated through the built-in Portal server

Item | Data | Description
name | profile1 | Configure the Portal access profile named profile1.
anonymous-enable | true | Enable anonymous redirection for users authenticated through the built-in Portal server.

Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac-portal:portal-access xmlns:hw-nac-portal="urn:huawei:params:xml:ns:yang:huawei-nac-portal">
        <hw-nac-portal:portal-access-profile>
          <hw-nac-portal:name>profile1</hw-nac-portal:name>
          <hw-nac-portal:local-portal-function>
            <hw-nac-portal:anonymous-function xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
              <hw-nac-portal:anonymous-enable>true</hw-nac-portal:anonymous-enable>
            </hw-nac-portal:anonymous-function>
          </hw-nac-portal:local-portal-function>
        </hw-nac-portal:portal-access-profile>
      </hw-nac-portal:portal-access>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <rpc-error>
  <error-type>application</error-type>
  <error-tag>operation-failed</error-tag>
  <error-severity>error</error-severity>
  <error-message>parse configuration error.</error-message>
 </rpc-error>
</rpc-reply>
Configuring the HTTP Proxy Function of the Portal Server

This section provides a sample of configuring the HTTP proxy function of the Portal server using the merge method.

Table 2-503  Configuring the HTTP proxy function of the Portal server

Operation | XPATH
edit-config:merge | /huawei-nac-portal:portal-access/configure-mode/unified-mode/portal-access-profile/http-proxy-redirect-function