No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Dumb Terminal Access Based on a MAC Address

Example for Configuring Dumb Terminal Access Based on a MAC Address

This section provides an example for configuring dumb terminal access based on a MAC address.

Networking Requirements

Dumb terminals refer to printers and access control devices on a campus network. Generally, these devices are not assigned IP addresses. Dumb terminals access the Internet in static user mode, and authentication based on MAC addresses is used.

On the network shown in Figure 6-22, the printer accesses the router through GE 1/0/2.

Figure 6-22 Networking for configuring dumb terminal access based on a MAC address
NOTE:

Interface1 through 2 in this example are GE1/0/2,GE 1/0/1.



Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure an authentication scheme, with local authentication specified.

  2. Configure an address pool, with the IP address 172.192.0.8 reserved for the printer.

  3. Configure an authentication domain named printer.

  4. Configure a BAS interface, with the user access mode set to Layer 2 common user access and the default authentication domain set to printer.

  5. Configure a static user.

Data Preparation

To complete the configuration, you need the following data:

  • Authentication scheme name and authentication mode

  • Address pool name, gateway address, and DNS server address

  • Domain name

  • BAS interface parameters

Procedure

  1. Configure an authentication scheme.

    [~HUAWEI] aaa
    [*HUAWEI-aaa] authentication-scheme local
    [*HUAWEI-aaa-authen-local] authentication-mode local
    [*HUAWEI-aaa-authen-local] commit
    [~HUAWEI-aaa-authen-local] quit

  2. Configure the user name format and password.

    [*HUAWEI-aaa] default-user-name include ip-address
    [*HUAWEI-aaa] default-password cipher Root@123
    [*HUAWEI-aaa] commit
    [~HUAWEI-aaa] quit

  3. Configure a local account.

    [~HUAWEI] local-aaa-server
    [*HUAWEI-local-aaa-server] user 172.192.0.8@printer password cipher Root@123 authentication-type b
    [*HUAWEI-local-aaa-server] commit
    [~HUAWEI-local-aaa-server] quit

  4. Configure an address pool.

    [~HUAWEI] ip pool pool1 bas local
    [*HUAWEI-ip-pool-pool1] gateway 172.192.0.1 255.255.255.0
    [*HUAWEI-ip-pool-pool1] section 0 172.192.0.2 172.192.0.200
    [*HUAWEI-ip-pool-pool1] excluded-ip-address 172.192.0.8
    [*HUAWEI-ip-pool-pool1] commit
    [~HUAWEI-ip-pool-pool1] quit

  5. Configure a domain.

    [~HUAWEI] aaa
    [*HUAWEI-aaa] domain printer
    [*HUAWEI-aaa-domain-isp1] authentication-scheme local
    [*HUAWEI-aaa-domain-isp1] accounting-scheme default0
    [*HUAWEI-aaa-domain-isp1] ip-pool pool1
    [*HUAWEI-aaa-domain-isp1] commit
    [~HUAWEI-aaa-domain-isp1] quit
    [~HUAWEI-aaa] quit

  6. Configure a BAS interface.

    NOTE:

    Versions earlier than V600R007C00 do not require BAS activation by license. You can directly run the bas enable command in the slot view.

    [~HUAWEI] interface GigabitEthernet 1/0/2
    [*HUAWEI-GigabitEthernet1/0/2] bas
    [*HUAWEI-GigabitEthernet1/0/2-bas] access-type layer2-subscriber
    [*HUAWEI-GigabitEthernet1/0/2-bas] default-domain authentication printer
    [*HUAWEI-GigabitEthernet1/0/2-bas] authentication-method bind
    [*HUAWEI-GigabitEthernet1/0/2-bas] ip-trigger
    [*HUAWEI-GigabitEthernet1/0/2-bas] arp-trigger
    [*HUAWEI-GigabitEthernet1/0/2-bas] commit
    [~HUAWEI-GigabitEthernet1/0/2-bas] quit
    [~HUAWEI-GigabitEthernet1/0/2] quit
    NOTE:

    In this example, binding authentication is configured. A user name and password for authentication are automatically generated. The automatically generated user name and password must be the same as the created local user name and password because local authentication is used. The user name and password configured using the default-user-name and default-password commands in the AAA view are used as the automatically generated user name and password. For details, see "Configuration Files."

  7. Configure a static user. If the network has multiple printers, perform the following configuration for each printer.

    [*HUAWEI] static-user 172.192.0.8 gateway 172.192.0.1 interface GigabitEthernet 1/0/2 mac-address 0026-73b5-dfc8 domain-name printer detect
    [*HUAWEI]static-user detect interval 1

  8. Verify the configuration.

    After completing the preceding configurations, run the display access-user domain command to check that the user in the domain goes online properly.

    <*HUAWEI> display access-user domain printer
    ------------------------------------------------------------------------------
      UserID  Username                Interface      IP address       MAC          IPv6 address
      ------------------------------------------------------------------------------
      20      172.192.0.8@printer     GE1/0/2.1      172.192.0.8      0026-73b5-dfc8          -
      ------------------------------------------------------------------------------
      Total users                        : 1

Configuration Files

#
 sysname HUAWEI
#
interface GigabitEthernet1/0/2
 bas
  access-type layer2-subscriber  default-domain  authentication printer
  ip-trigger
  arp-trigger
  authentication-method  bind
#
ip pool pool1 bas local
 gateway 172.192.0.1 255.255.255.0
 section 0 172.192.0.2 172.192.0.200
 excluded-ip-address  172.192.0.8
#
aaa
 default-user-name include ip-address
 default-password cipher Root@123 
authentication-scheme  local
 authentication-mode local
domain  printer
 authentication-scheme   local
 accounting-scheme   default0
 ip-pool pool1
#
local-aaa-server
 user 172.192.0.8@printer password cipher Root@123 authentication-type B
#
 static-user 172.192.0.8 gateway 172.192.0.1 interface GigabitEthernet1/0/2 mac-address 0026-73b5-dfc8 domain-name printer detect
 static-user detect interval 1
#
return
Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 19394

Downloads: 87

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next