No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring Additional Functions for a Domain

(Optional) Configuring Additional Functions for a Domain

A domain has additional functions such as time-based control, policy-based routing, traffic statistics, or IP address usage alarm.


A domain has the following additional functions:

  • Time-based control

    Time-based control means that a domain is automatically blocked in a specified period. During this period, the users of this domain cannot access the NE40E and the online users are disconnected. After the period, the domain is reactivated automatically, and the domain users are allowed to log in again.

  • Idle cut

    When the traffic volume of a user keeps being lower than a threshold in a period, the NE40E considers the user idle and disconnects the user. To perform the idle cut function, set the idle time and the traffic threshold.

    The idle cut function configured for a domain controls only the basic traffic of a user. The multicast traffic and the VAS traffic that is not configured with the summary feature are not included in the basic traffic. Therefore, the idle cut function is invalid for them.

  • Mandatory PPP authentication

    Generally, the authentication mode (PAP, CHAP, or MSCHAP) of a PPP user is negotiated by the PPP client and the virtual template. After the mandatory authentication mode of a PPP user is configured for a domain, the users in the domain are authenticated in the configured mode.

  • Policy-based routing

    In packet forwarding, the NE40E determines the forwarding egress according to the destination addresses of the packets. With the policy-based routing function, however, the NE40E determines the forwarding egress according to the address specified in the user domain.

  • IP address usage alarm

    After the alarm threshold for the usage (in percentage) of IP addresses is set in a domain, the NE40E sends a trap to the network management system (NMS) when the usage of IP addresses exceeds the threshold. If no alarm threshold is set, the NE40E does not send any trap to the NMS, regardless of the usage of IP addresses.

  • Traffic statistics

    The traffic statistics function collects the total traffic of a domain and the upstream and downstream traffic of users.

  • Accounting packet copy

    The accounting packet copy function allows the NE40E to send accounting information to two RADIUS server groups at the same time and waits for their responses. If no response is received, the NE40E retransmits accounting information after 5s. If the NE40E fails to receive a response from a RADIUS server for three consecutive times, the NE40E sends Accounting Stop packets to this RADIUS server and no longer sends accounting packets to this RADIUS server.

    You can perform this function when multiple copies of original accounting information are required (for example, multiple ISPs cooperate in the networking). In this case, accounting packet copies need to be sent to two RADIUS server groups at the same time, and will be used as the original accounting information in future settlement.

  • Re-authentication timeout

    The re-authentication timeout is valid for Layer 3 pre-authentication users. If a Layer 3 pre-authentication user does not pass the authentication within the maximum re-authentication time, the NE40E disconnects this user.

  • Policy used for online users when the quota is used up

    The NE40E uses a policy after the quota (traffic or session time) of an online user is used up. The NE40E may forcibly log out the user, keep the user online, or redirect the user to a specified portal.

  • Host route tagging

    The host route tagging function allows the NE40E to import route tags based on routing policies and advertise different host routes to different networks by setting and categorizing route tags for host routes of IPv4 users and network segment routes generated based on the RADIUS-delivered Framed-Route attribute.

Perform the following steps on the router:


  1. Run system-view

    The system view is displayed.

  2. Run aaa

    The AAA view is displayed.

  3. Run domain domain-name

    The domain view is displayed.

  4. Run time-range domain-block { range-name | enable }

    Time-based control is configured.

    You can configure up to four time ranges, which have equal priority.

  5. Run idle-cut idle-time { idle-data | zero-rate } [ inbound | outbound ]

    The idle cut function is configured.

    The idle-cut command is used when some users cannot access the Internet due to an exception but can access the Internet after being logged out once. The idle-cut function can take effect on upstream traffic, downstream traffic, or both according to the parameter you specify. If you do not specify the inbound parameter or the outbound parameter, the idle-cut function takes effect on both upstream and downstream traffic.

  6. Run ppp-force-authtype { chap | mschap_v1 | mschap_v2 | pap }

    Mandatory PPP authentication is configured.

  7. Run policy-route { next-hop-ip-address | next-hop-ipv6-address }

    Policy-based routing is configured.

  8. Run ip-warning-threshold { upper-limit-value | lower-limit lower-limit-value }

    The IP address usage alarm function is configured.

  9. Run flow-bill

    The function of collecting the statistics about the total traffic is enabled.

  10. Run flow-statistic { down | up } *

    The function of collecting the upstream or downstream traffic statistics of the domain users is enabled.

  11. Run accounting-copy radius-server radius-name

    The function of sending accounting packet copies is enabled.

  12. Run max-ipuser-reauthtime time-value

    The re-authentication timeout is configured.

  13. Run quota-out { offline | online | redirect url url-string [ redirect-stop-accounting ] }

    The policy used for online users when the quota is used up is configured.


    This command takes effect only when the user's quota is used up and the user is in the specified domain. If the user domain is changed by a CoA packet sent from a policy server and the quota-out command is not configured in the new domain, the user will be logged out if the quota is used up.

    If the RADIUS protocol type is set to non-standard, a real-time accounting packet is sent to the RADIUS server to apply for a new quota when user's quota is used up. If the RADIUS server responds with zero quota, the user is redirected based on the configured quota-out redirect url url-string [ redirect-stop-accounting ] command.

    If you want a user to be directly redirected when its quota is used, you must first set the RADIUS protocol type to standard and configure the quota-out redirect url url-string [ redirect-stop-accounting ].

  14. Run radius-no-response lease-time time

    The extended lease in case of no response from the RADIUS server is set for DHCP users.

  15. Run redirect-domain effect-attribute { user-group | web-url | qos-profile | accounting-scheme | ip-unr-tag }

    The fields that are allowed to take effect are specified in the domain that CoA delivers or the redirection domain for users after they use up their quota.

  16. Run ip unr tag route-type host-route framed-route

    A route tag is set for host routes of IPv4 users and network segment routes generated based on the RADIUS-delivered Framed-Route attribute.

  17. Run reallocate-ip-address

    IP address reallocation is enabled in a domain

    The reallocate-ip-address command is used only for Web users.

Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 17327

Downloads: 70

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next