No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Local Authentication for Static Users

Example for Configuring Local Authentication for Static Users

This section provides an example for configuring local authentication for static users, including the networking requirements, configuration roadmap, configuration procedure, and configuration files.

Networking Requirements

The networking is shown in Figure 6-8. The requirements are as follows:

  • The user accesses the Internet by using GE 2/0/0.1 on the router as a static user and the IP address of the user is 172.192.0.8.

  • The user adopts local authentication.

  • The system uses the IP address carried in the user packet as the user name.

Figure 6-8 Networking for configuring local authentication for static users
NOTE:

Interfaces 1 through 2 in this example are GE 1/0/0, GE 2/0/0.1, respectively.



Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure an authentication scheme.

  2. Configure an address pool.

  3. Configure an authentication domain.

  4. Configure a BAS interface and an upstream interface.

  5. Configure a static user.

Data Preparation

To complete the configuration, you need the following data:

  • Authentication template name and authentication mode

  • IP address pool name, gateway address, and DNS server address

  • Domain name

  • BAS interface parameters

Procedure

  1. Configure an authentication scheme.

    [*HUAWEI] aaa
    [*HUAWEI-aaa] authentication-scheme local
    [*HUAWEI-aaa-authen-local] authentication-mode local
    [*HUAWEI-aaa-authen-local] commit
    [~HUAWEI-aaa-authen-local] quit

  2. Configure the user name format and password.

    [*HUAWEI-aaa] default-user-name include ip-address .
    [*HUAWEI-aaa] default-password cipher Root@123
    [*HUAWEI-aaa] commit
    [~HUAWEI-aaa] quit

  3. Configure a local account.

    [*HUAWEI] local-aaa-server
    [*HUAWEI-local-aaa-server] user 172.192.0.8@isp1 password cipher Root@123 authentication-type b
    [*HUAWEI-local-aaa-server] commit
    [~HUAWEI-local-aaa-server] quit

  4. Configure an address pool.

    [*HUAWEI] ip pool pool1 bas local
    [*HUAWEI-ip-pool-pool1] gateway 172.192.0.1 255.255.255.0
    [*HUAWEI-ip-pool-pool1] section 0 172.192.0.2 172.192.0.200
    [*HUAWEI-ip-pool-pool1] excluded-ip-address 172.192.0.8
    [*HUAWEI-ip-pool-pool1] commit
    [~HUAWEI-ip-pool-pool1] quit

  5. Configure a domain.

    [*HUAWEI] aaa
    [*HUAWEI-aaa] domain isp1
    [*HUAWEI-aaa-domain-isp1] authentication-scheme local
    [*HUAWEI-aaa-domain-isp1] accounting-scheme default0
    [*HUAWEI-aaa-domain-isp1] ip-pool pool1
    [*HUAWEI-aaa-domain-isp1] commit
    [~HUAWEI-aaa-domain-isp1] quit
    [~HUAWEI-aaa] quit

  6. Configure a BAS interface.

    [*HUAWEI] interface GigabitEthernet 2/0/0.1
    [*HUAWEI-GigabitEthernet2/0/0.1] user-vlan 2005 qinq 510
    [*HUAWEI-GigabitEthernet2/0/0.1-vlan-2005-2005-QinQ-510-510] commit
    [~HUAWEI-GigabitEthernet2/0/0.1-vlan-2005-2005-QinQ-510-510] quit
    [*HUAWEI-GigabitEthernet2/0/0.1] bas
    [*HUAWEI-GigabitEthernet2/0/0.1-bas] access-type layer2-subscriber
    [*HUAWEI-GigabitEthernet2/0/0.1-bas] authentication-method bind
    [*HUAWEI-GigabitEthernet2/0/0.1-bas] default-domain authentication isp1
    [*HUAWEI-GigabitEthernet2/0/0.1-bas] ip-trigger
    [*HUAWEI-GigabitEthernet2/0/0.1-bas] arp-trigger
    [*HUAWEI-GigabitEthernet2/0/0.1-bas] commit
    [~HUAWEI-GigabitEthernet2/0/0.1-bas] quit
    [~HUAWEI-GigabitEthernet2/0/0.1] quit

  7. Configure a static user.

    [*HUAWEI] static-user 172.192.0.8 interface GigabitEthernet 2/0/0.1 user-vlan 2005 qinq 510 detect

  8. Configure an upstream interface.

    [*HUAWEI] interface GigabitEthernet 1/0/0
    [*HUAWEI-GigabitEthernet1/0/0] ip address 192.168.8.1 255.255.255.0

  9. Run commit

    The configuration is committed.

  10. Verify the configuration.

    After the configuration is complete, you can run the display access-user domain command to view information about the online users in the domain.

    <HUAWEI> display access-user domain isp1
    ------------------------------------------------------------------------------
      UserID  Username                Interface      IP address       MAC
              IPv6 address
      ------------------------------------------------------------------------------
      20      172.192.0.8@isp1                 GE2/0/0.1      172.192.0.8         0002-0101-0101
              -
      ------------------------------------------------------------------------------
      Total users                        : 1

Configuration Files

#
 sysname HUAWEI
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 192.168.8.1 255.255.255.0
#
interface GigabitEthernet2/0/0.1
 user-vlan 2005 qinq 510
 bas
  access-type layer2-subscriber  default-domain  authentication isp1
  ip-trigger
  arp-trigger
  authentication-method  bind
#
ip pool pool1 bas local
 gateway 172.192.0.1 255.255.255.0
 section 0 172.192.0.2 172.192.0.200
 excluded-ip-address  172.192.0.8
#
aaa
 default-user-name include ip-address .
 default-password cipher %^%#oNUw%i-|"WcBgt8=fSVID7F<=K_N+.(ip[H\:a{D%^%# 
authentication-scheme  local
 authentication-mode local
domain  isp1
 authentication-scheme   local
 accounting-scheme   default0
 ip-pool pool1
#
local-aaa-server
 user 172.192.0.8@isp1 password cipher $1a$7WxAIDb{r+$*F~n0B"*M>+CPC@j authentication-type b
#
 static-user 172.192.0.8 172.192.0.8 interface GigabitEthernet2/0/0.1 user-vlan 2005 qinq 510 detect
#
return
Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 17149

Downloads: 69

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next