No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring an Authentication Scheme

Configuring an Authentication Scheme

After configuring an authentication mode, you need to configure relevant user information on the authentication server; if user information is not configured, users cannot pass the authentication.


Perform the following steps on the router:


  1. Run system-view

    The system view is displayed.

  2. Run aaa

    The AAA view is displayed.

  3. Run authentication-scheme scheme-name

    An authentication scheme is created.

    The authentication schemes named default, default0, and default1 are set by default on the NE40E. They can be modified but cannot be deleted.

  4. Run authentication-mode { radius | local } *[ none ]

    Or run authentication-mode none

    Or run authentication-mode radius-proxy

    An authentication mode is set.

    • If RADIUS authentication is used, you need to configure a RADIUS authentication server. For configuration details, see Configuring RADIUS Authentication and Accounting Servers.
    • If local authentication is used, you need to run the local-user user-name password { cipher cipher-password | irreversible-cipher irreversible-password command to create a local user.
    • If RADIUS proxy authentication is used, you need to configure RADIUS authentication proxy. For configuration details, see (Optional) Configuring RADIUS Proxy Authentication.

  5. (Optional) Run authening authen-fail { offline | online authen-domain domain-name }

    The policy for handling the authentication failure is configured.

    The policy for handling the authentication failure refers to the policy used by the NE40E after the user fails the authentication.

  6. (Optional) Run authening quota-out-redirect-enable

    The function of redirecting a user to a specified domain When the quota of the user equal to zero is enabled.

  7. (Optional) Run authening authen-redirect online authen-domain domain-name

    The redirection domain is configured.

    After you configure the redirection domain, the users that pass the authentication and the users that actually fail the authentication go online from different domains.

    By configuring a private IP address pool, UCL-based access control, and security domain in the redirection domain, you can differentiate the functions of address allocation (private addresses and public addresses), access control, and NAT for different user domains. In this manner, users in different domains are separated by differentiated configurations. This solution effectively saves Internet IP addresses and prevents unauthorized users from occupying many Internet IP addresses.

  8. (Optional) In the AAA domain view, run mac-authentication enable

    The MAC address authentication is enabled.


    MAC address authentication is used to simplify Web authentication. If MAC address authentication is enabled, the user for Web authentication only needs to input the user name and password at the first time and the RADIUS server records the user's MAC address. When the user attempts to pass the Web authentication again, the RADIUS server performs the authentication based on the users' MAC address and the user does not need to input the user name and password again.

    In the existing network, this command is used together with the authening authen-fail online authen-domain domain-name command. If the MAC authentication fails, the user can perform the Web authentication by inputing the user name and password in the re-direction domain, and then enter the authentication domain and access the network resources.

Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 17715

Downloads: 72

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next