S600-E V200R013C00 Configuration Guide - User Access and Authentication

This document describes how to configure user access and authentication, including AAA, NAC, and Policy Association.
(Optional) Configuring Re-authentication for Users

Context

The device records entries for pre-connection users and users who fail to be authenticated, and grants corresponding network access rights to the users. For details, see (Optional) Configuring Authentication Event Authorization Information. To ensure that users are successfully authenticated in a timely manner and obtain normal network access rights, you can configure the device to re-authenticate users who fail to be authenticated based on user entries.

If a user fails to be re-authenticated before the aging time expires, the device deletes the corresponding user entry and reclaims the granted network access rights. If a user is successfully re-authenticated, the device adds the user to entries of authenticated users and grants corresponding network access rights to the user.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run authentication-profile name authentication-profile-name

    The authentication profile view is displayed.

  3. Run authentication timer re-authen { pre-authen re-authen-time | authen-fail re-authen-time }

    A re-authentication interval is configured for pre-connection users and users who fail to be authenticated.

    By default, the device re-authenticates pre-connection users and users who fail to be authenticated at an interval of 60 seconds.

    NOTE:

    The device records pre-connection users, and users granted the authen-fail or authen-server-down authorization, in the entries for pre-connection users or for users who fail to be authenticated. By default, the device re-authenticates the users in these entries. You can perform the preceding operations to change the re-authentication interval.

    When many users exist, the actual user re-authentication interval may be longer than the configured re-authentication interval, to reduce the impact on device performance.

  4. Run authentication event authen-server-up action re-authen

    The device is enabled to re-authenticate users in the survival state when the authentication server changes from Down or forcible Up to Up.

    By default, the device does not re-authenticate users in the survival state when the authentication server changes from Down or forcible Up to Up.

    NOTE:

    After the status of the RADIUS server is set to Down, you can run the radius-server dead-time dead-time command to set the interval for the RADIUS server to return to the active state. When the value of dead-time expires, the status of the RADIUS server is set to forcible Up. When the server successfully transmits and receives packets, the status is set to Up. The device can re-authenticate users when the server changes from Down or forcible Up to Up.

  5. Run authentication event authen-server-down action close re-authen

    Re-authentication is disabled when the authentication server is Down.

    By default, re-authentication is enabled when the authentication server is Down.

    In a re-authentication scenario, after the authentication event action authorize keep command is run, online users retain their original network access rights when the authentication server is Down. If re-authentication is performed on these users, the client initiates re-authentication frequently and may remain silent after multiple attempts. As a result, these users cannot access the network. To prevent this problem, you are advised to disable re-authentication when the authentication server is Down.
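
The settings from steps 3 to 5 can be checked in a saved configuration. The following Python script is an added example, not part of the Huawei guide: it reports the effective re-authentication state of each authentication profile and flags profiles that keep access rights while re-authentication is still enabled during server Down. The saved-configuration layout (profile header followed by indented lines), the profile names and the sample text are constructed assumptions.

```python
import re

DEFAULT_INTERVAL = 60  # seconds, the default stated in step 3
# Constructed sample; the layout (profile header, one-space indented lines,
# "#" between sections) is an assumption about the saved configuration.
SAMPLE_CONFIG = """\
#
authentication-profile name wired_dot1x
 authentication timer re-authen authen-fail 30
 authentication event authen-server-up action re-authen
 authentication event action authorize keep
#
authentication-profile name guest
 authentication timer re-authen pre-authen 300
 authentication event authen-server-down action close re-authen
#
"""
TIMER = re.compile(r"authentication timer re-authen (pre-authen|authen-fail) (\d+)$")
# Tolerates an event name before "action", in case the device writes one.
KEEP = re.compile(r"authentication event (\S+ )?action authorize keep\b")

def audit(config_text):
    """Return {profile: settings} with the effective re-authentication state."""
    profiles, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("authentication-profile name "):
            current = profiles.setdefault(line.split()[-1], {
                "pre-authen": DEFAULT_INTERVAL, "authen-fail": DEFAULT_INTERVAL,
                "reauth_on_server_up": False, "reauth_while_down": True,
                "keep": False, "warnings": []})
        elif not raw.startswith(" "):
            current = None  # an unindented line ends the profile view
        elif current is not None:
            m = TIMER.match(line)
            if m:
                current[m.group(1)] = int(m.group(2))
            elif line == "authentication event authen-server-up action re-authen":
                current["reauth_on_server_up"] = True
            elif line == "authentication event authen-server-down action close re-authen":
                current["reauth_while_down"] = False
            elif KEEP.match(line):
                current["keep"] = True
    for p in profiles.values():
        if p["keep"] and p["reauth_while_down"]:
            p["warnings"].append("authorize keep set, re-authen not closed for server Down")
    return profiles

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```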

Updated: 2019-04-20

Document ID: EDOC1100066170
