No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring the RADIUS Server to Dynamically Deliver ACLs

(Optional) Configuring the RADIUS Server to Dynamically Deliver ACLs

The RADIUS server can dynamically deliver ACLs based on the HW-Data-Filter attribute.

Context

The RADIUS server delivers the HW-Data-Filter attribute (No.26-82) carrying the traffic classifier-behavior pair. The traffic classifier attribute carries the classifier name, behavior name, and rule information, and the traffic behavior attribute carries the behavior name and behavior information. ACL information is dynamically delivered after the traffic classifier-behavior is delivered. The HW-Data-Filter attribute disabled by default. You can enable the HW-Data-Filter attribute only using commands.

Perform the following operations on the router.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run aaa

    The AAA view is displayed.

  3. (Optional) Run remote-download user-group enable

    The RADIUS server is configured to create dynamic user groups.

  4. (Optional) Run remote-download user-group check interval interval

    The interval at which the NE40E checks whether online users or dynamic ACLs are using the dynamic user group created by the RADIUS server is configured.

    The NE40E checks one dynamic user group at each interval. If a user group is not used, the NE40E deletes the user group.

  5. Run remote-download acl enable

    The RADIUS server is configured to create dynamic ACLs. The RADIUS server can deliver the HW-Data-Filter attribute carrying the traffic classifier-behavior pair for dynamic ACLs.

  6. (Optional) Run remote-download acl warning-threshold warning-threshold

    The RADIUS server is configured to deliver the alarm threshold for the traffic classifier-behavior pair usage.

  7. (Optional) Run recycle remote-download acl classifier classifier-name

    The idle traffic classifier-behavior pair is reclaimed.

  8. Run quit

    Return to the system view.

  9. Run radius-server group groupname

    The RADIUS server group view displayed.

  10. (Optional) Run radius-attribute decode-error-policy ignore attribute-name

    The NE40E ignores the RADIUS packets with the attribute that fails the parse and check.

    Currently only the HW-Data-Filter attribute is supported.

Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 17273

Downloads: 70

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next