No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
authorize

authorize

Function

The authorize command binds a service scheme or a user group to an authentication profile.

The undo authorize command unbinds a service scheme or a user group from an authentication profile.

By default, no service scheme or user group is bound to an authentication profile.

Format

authorize { service-scheme service-scheme-name | user-group user-group-name }

undo authorize { service-scheme | user-group }

Parameters

Parameter

Description

Value

service-scheme service-scheme-name

Specifies the name of a service scheme bound to an authentication profile.

The value must be the name of an existing service scheme.

user-group user-group-name

Specifies the name of a user group bound to an authentication profile.

The value must be the name of an existing user group.

Views

Authentication profile view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An authenticated user is in the post-authentication domain and can obtain network access rights through local or remote authorization. Remote authorization parameters supported by the device include the VLAN, ACL number, and user group. Local authorization parameters supported by the device include the service scheme and user group.

In remote authorization, the authorization server delivers authorization parameters to the device. For example, if the authorization server uses a user group for remote authorization, you need to specify the user group to which users are added on the authorization server, and configure the user group and network resources for the user group on the device. An authenticated user can obtain network access rights in the user group.

In local authorization, you need to bind authorization parameters to the user authentication domain or authentication profile on the device. The device uses an authentication profile to uniformly manage NAC configurations. Therefore, the administrator manages authorization information in the authentication profile more easily than authorization information in the authentication domain.

Prerequisites

If a service scheme is used for authorization, the service scheme has been created using the service-scheme (AAA view) command, and authorization information has been configured in the service scheme.

If a user group is used for authorization, the user group has been created using the user-group command, and authorization information has been configured in the user group.

Precautions

  • If both local authorization and remote authorization are configured, remote authorization takes effect.

  • If authorization information is configured both in the authentication domain and authentication profile, the authorization information in the authentication profile takes effect.

Example

# Bind the user group u1 to the authentication profile p1.

<Huawei> system-view
[Huawei] user-group u1
[Huawei-user-group-u1] quit
[Huawei] authentication-profile name p1
[Huawei-authentication-profile-p1] authorize user-group u1
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 202330

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next