No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R013C00 Configuration Guide - User Access and Authentication

This document describes the configurations of User Access and Authentication Configuration, including AAA, NAC, and Policy Association.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
NAC Escape Mechanism

NAC Escape Mechanism

The NAC escape mechanism grants specified network access permissions to users when the authentication server is Down or to users who fail the authentication or are in pre-connection state. The escape solutions vary according to the authentication modes. Some escape solutions are shared by all authentication modes, while some are supported only in specific authentication modes.

Table 2-12  Escape solutions

Authentication Mode

Triggered Event

Escape Solution

802.1X

The 802.1X client does not respond. authentication event client-no-response action authorize

For details, see (Optional) Configuring Network Access Rights for Users When the 802.1X Client Does Not Respond.

The authentication server is Down. authentication event authen-server-down action authorize

For details, see (Optional) Configuring Authentication Event Authorization Information.

The authentication server does not respond. authentication event authen-server-noreply action authorize

For details, see (Optional) Configuring Authentication Event Authorization Information.

Authentication fails. authentication event authen-fail action authorize

For details, see (Optional) Configuring Authentication Event Authorization Information.

Users are in pre-connection state. authentication event pre-authen action authorize

For details, see (Optional) Configuring Authentication Event Authorization Information.

Portal

The Portal server is Down. authentication event portal-server-down action authorize

For details, see (Optional) Configuring the Portal Escape Function.

The authentication server is Down. authentication event authen-server-down action authorize

For details, see (Optional) Configuring Authentication Event Authorization Information.

Authentication fails. authentication event authen-fail action authorize

For details, see (Optional) Configuring Authentication Event Authorization Information.

Users are in pre-connection state. authentication event pre-authen action authorize

For details, see (Optional) Configuring Authentication Event Authorization Information.

MAC

The authentication server is Down. authentication event authen-server-down action authorize

For details, see (Optional) Configuring Authentication Event Authorization Information.

The authentication server does not respond. authentication event authen-server-noreply action authorize

For details, see (Optional) Configuring Authentication Event Authorization Information.

Authentication fails. authentication event authen-fail action authorize

For details, see (Optional) Configuring Authentication Event Authorization Information.

Users are in pre-connection state. authentication event pre-authen action authorize

For details, see (Optional) Configuring Authentication Event Authorization Information.

The device assigns network access rights configured in each network status based on their priorities as follows:
  • If the authentication server is Down: network access rights upon an authentication server Down event > network access rights for users who fail authentication > network access rights for users in the pre-connection state > user authorization based on whether the function of keeping users who fail to be authenticated and do not have any network access rights in the pre-connection state is enabled
  • If users fail authentication: network access rights for users who fail authentication > network access rights for users in the pre-connection state > user authorization based on whether the function of keeping users who fail to be authenticated and do not have any network access rights in the pre-connection state is enabled
  • If users are in the pre-connection state: network access rights for users in the pre-connection state > user authorization based on whether the function of keeping users who fail to be authenticated and do not have any network access rights in the pre-connection state is enabled
  • If an 802.1X client does not respond: network access rights if an 802.1X client does not respond > network access rights for users in the pre-connection state > user authorization based on whether the function of keeping users who fail to be authenticated and do not have any network access rights in the pre-connection state is enabled
  • If a Portal server is Down: network access rights if a Portal server is Down > network access rights before the Portal server is Down
Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100066170

Views: 21126

Downloads: 6

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next