No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


S600-E V200R013C00 Configuration Guide - User Access and Authentication

This document describes the configurations of User Access and Authentication Configuration, including AAA, NAC, and Policy Association.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Applying AAA Schemes to a Domain

Applying AAA Schemes to a Domain


The created authentication scheme, authorization scheme, accounting scheme, and HWTACACS server template are in effect only when they are applied to a domain.


  1. Run system-view

    The system view is displayed.

  2. Run aaa

    The AAA view is displayed.

  3. Run domain domain-name [ domain-index domain-index ]

    A domain is created and the domain view is displayed, or the view of an existing domain is displayed.

    The device has two default domains:
    • default: Used by common access users
    • default_admin: Used by administrators
    • If a user enters a user name that does not contain a domain name, the user is authenticated in the default domain. In this case, you need to run the domain domain-name [ admin ] command and set domain-name to configure a global default domain on the device.
    • If a user enters a user name that contains a domain name during authentication, the user must enter the correct value of domain-name.

  4. Apply AAA schemes to the domain.




    Apply an authentication scheme to the domain.

    authentication-scheme scheme-name

    By default, the authentication scheme default is applied to the default_admin domain, and the authentication scheme named radius is applied to the default domain and other domains.

    Apply an authorization scheme to the domain.

    authorization-scheme authorization-scheme-name

    By default, no authorization scheme is applied to a domain.

    Apply an accounting scheme to the domain.

    accounting-scheme accounting-scheme-name

    By default, the accounting scheme default is applied to a domain. In this accounting scheme, non-accounting is used and real-time accounting is disabled.

  5. Apply a service scheme and an HWTACACS server template to the domain.




    (Optional) Apply a service scheme to the domain.

    service-scheme service-scheme-name

    By default, no service scheme is applied to a domain.

    Apply an HWTACACS server template to the domain.

    hwtacacs-server template-name

    By default, no HWTACACS server template is applied to a domain.

  6. (Optional) Configure other functions for the domain.




    Specify the domain state.

    state { active | block [ time-range time-name &<1–4> ] }

    When a domain is in the blocking state, users in this domain cannot log in. By default, a created domain is in the active state.

    Apply a user group to the domain.

    user-group group-name

    By default, no user group is applied to a domain.


    This command is supported only in the NAC common mode.

  7. (Optional) Run statistic enable

    Traffic statistics collection is enabled for users in the domain.

    By default, traffic statistics collection is disabled for users in a domain.

  8. (Optional) Configure a domain name parsing scheme.




    AAA view

    Exit from the domain view. quit


    Specify the domain name parsing direction.

    domainname-parse-direction { left-to-right | right-to-left }

    The domain name can be parsed from left to right, or from right to left.

    By default, the domain name is parsed from left to right.

    Set the domain name delimiter.

    domain-name-delimiter delimiter

    A domain name delimiter can be any of the following: \ / : < > | @ ' %.

    The default domain name delimiter is @.

    Specify the domain name location.

    domain-location { after-delimiter | before-delimiter }

    By default, the domain name is placed after the domain name delimiter.

Updated: 2019-04-20

Document ID: EDOC1100066170

Views: 27022

Downloads: 7

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Previous Next