No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E-M2 V800R010C10SPC500 Feature Description - User Access 01

This is NE40E-M2 V800R010C10SPC500 Feature Description - User Access
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
BRAS User Domain Classification

BRAS User Domain Classification

The BRAS supports the following types of domains.

Domain Type

Description

Pre-authentication default domain

It is used by web and fast authentication users to obtain IP addresses.

After a user obtains an IP address using the user name bound to this domain, the user can obtain control authorities based on the user group configured in the domain. If a web authentication user is authenticated in this domain, the user is only allowed to access the web authentication server and DNS server. (The access rights are controlled using UCL groups and ACLs.)

If no pre-authentication default domain is configured on a BAS interface, default0 is used as the pre-authentication default domain.

Authentication default domain

If a user enters a user name that does not contain a domain name during authentication, the user uses the authentication, accounting, and RADIUS schemes configured in the authentication default domain.

If no authentication default domain is configured on a BAS interface, default1 is used as the authentication default domain.

Mandatory authentication default domain

A user uses the authentication, accounting, and RADIUS schemes configured in this domain, irrespective of whether the user name contains a domain name or what the domain name is. If the user name contains a domain name, the domain name remains unchanged during authentication; if the user name does not contain a domain name, the mandatory authentication default domain name is added to the user name.

Mandatory substitute authentication domain

A user uses the authentication, accounting, and RADIUS schemes configured in this domain, irrespective of whether the user name contains a domain name or what the domain name is. If the user name contains a domain name, the domain name is replaced by the mandatory substitute authentication domain name during authentication; if the user name does not contain a domain name, the mandatory substitute authentication domain name is added to the user name.

Roaming domain

A roaming domain policy can be applied only when a user name contains a domain name. If the domain name has not been configured on the BRAS, the user uses the authentication, accounting, and RADIUS schemes configured in the roaming domain. The user name remains unchanged during authentication.

If no roaming domain is configured on a BAS interface, default1 is used as the roaming domain.

Authentication domain

It is the domain name contained in a user name. When a user enters a user name (a domain name is contained and has been configured on the BRAS, and no mandatory authentication default domain or substitute authentication domain is configured on the BAS interface), the user uses the authentication, accounting, and RADIUS schemes configured in this domain.

Permit domain

It is a domain that BAS access users are allowed to access.

Download
Updated: 2019-01-02

Document ID: EDOC1100058415

Views: 11858

Downloads: 8

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next