S600-E V200R013C00 Configuration Guide - User Access and Authentication

This document describes the configuration of User Access and Authentication, including AAA, NAC, and Policy Association.

(Optional) Configuring the User Group Function

Context

In NAC applications, there are many access users, but user types are limited. You can create user groups on the device and associate each user group to an ACL. In this way, users in the same group share rules in the ACL.

After creating user groups, you can set priorities and VLANs for the user groups, so that users in different user groups have different priorities and network access rights. The administrator can then flexibly manage users.

NOTE:

When the user group function is enabled, ACL rules are delivered to each user individually, so the user group function cannot be used to save ACL resources.

User group authorization information delivered by the authentication server takes priority over user group authorization information applied in the AAA domain. If the information delivered by the authentication server cannot take effect, the information applied in the AAA domain is used. For example, suppose only user group B is configured on the device and its authorization information is applied in the AAA domain, and the authentication server delivers authorization information about user group A. The authorization information about user group A cannot take effect, so the authorization information about user group B is used. For the user group authorization information delivered by the authentication server to take effect, ensure that this user group is configured on the device.

If the authentication server authorizes multiple attributes to the device and the authorized attributes overlap with the existing configurations on the device, the attributes take effect based on the minimum rule. For example, if the authentication server authorizes a VLAN and a user group to the device and VLAN parameters are also configured in that user group on the device, the VLAN authorized by the authentication server takes effect.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run user-group group-name

    A user group is created and the user group view is displayed.

  3. Run acl-id acl-number

    An ACL is bound to the user group.

    By default, no ACL is bound to a user group.

    NOTE:

    Before running this command, ensure that the ACL has been created using the acl (system view) or acl name command and ACL rules have been configured using the rule command.

  4. Run quit

    Return to the system view.

  5. Run user-group group-name enable

    The user group function is enabled.

    The user group configuration takes effect only after the user group function is enabled.

    By default, the user group function is disabled.
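The following session is an added example, not part of the original guide, that carries the procedure through end to end, including the ACL prerequisite from the note in step 3. The prompt name HUAWEI, the group name guest, ACL number 3001, the rule IDs and the 192.0.2.0/24 destination are constructed values; lines beginning with # are annotations, not commands.

```text
# Prerequisite: create the ACL and its rules before binding it to the group.
<HUAWEI> system-view
[HUAWEI] acl 3001
# Constructed policy: members of the group may reach 192.0.2.0/24 only.
[HUAWEI-acl-adv-3001] rule 5 permit ip destination 192.0.2.0 0.0.0.255
[HUAWEI-acl-adv-3001] rule 10 deny ip
[HUAWEI-acl-adv-3001] quit

# Steps 2-4: create the user group, bind the ACL, return to the system view.
[HUAWEI] user-group guest
[HUAWEI-user-group-guest] acl-id 3001
[HUAWEI-user-group-guest] quit

# Step 5: the group configuration has no effect until the function is enabled.
[HUAWEI] user-group guest enable
```

If the authentication server is expected to authorize users into this group, the group name it delivers must match a group configured on the device; otherwise the group applied in the AAA domain is used instead, as described in the Context notes.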

Updated: 2019-04-20

Document ID: EDOC1100066170