S600-E V200R013C00 Configuration Guide - User Access and Authentication

This document describes the configuration of user access and authentication, including AAA, NAC, and Policy Association.
(Optional) Configuring Network Access Rights for Users in Different Authentication Stages

Context

To grant users rights to access certain network resources during access authentication, you can configure network access rights for users.

  • pre-authen: specifies the network access rights granted to users before authentication starts.
  • authen-fail: specifies the network access rights granted to users when authentication fails.
  • authen-server-down: specifies the network access rights granted to users when the authentication server does not respond.

NOTE:

When enabled on a Layer 2 physical interface, this function applies only to built-in Portal authentication.

NOTE:

The authentication event configuration on an interface takes priority over the authentication event configuration in the system view, and over the guest VLAN, restrict VLAN, or critical VLAN.

Procedure

  1. Run the system-view command.

    The system view is displayed.

  2. Configure network access rights for users in the system view, Layer 2 physical interface view or VLANIF interface view.

    View: System view

    Step: Run the authentication event { pre-authen | authen-fail | authen-server-down } { vlan vlan-id | user-group group-name } command to configure the network access rights in different authentication stages.

    By default, no network access rights are granted to users in any authentication stage.

    NOTE:

    The VLAN parameter is valid for built-in Portal authentication.

    View: Interface view

    Step:

    1. Run the interface interface-type interface-number command to enter the interface view.

    2. Configure the network access rights granted to users in different authentication stages. The command syntax differs between the Layer 2 physical interface view and the VLANIF interface view.
      • Layer 2 physical interface view: Run the authentication event { pre-authen | authen-fail | authen-server-down } { vlan vlan-id | user-group group-name } command to configure the network access rights in different authentication stages.
      • VLANIF interface view: Run the authentication event { authen-fail | authen-server-down } user-group group-name command.
    3. Run the quit command to return to the system view.

    By default, no network access rights are granted to users in any authentication stage.

  3. (Optional) Set the timeout period of the network access rights granted to users in different authentication stages. The configuration can be performed in the system view or interface view.

    View: System view

    Step: Run the authentication event { pre-authen | authen-fail | authen-server-down } session-timeout session-time command to set the timeout period of the network access rights granted to users in different authentication stages.

    By default, the timeout period of the network access rights granted to users is 15 minutes.

    View: Interface view

    Step:

    1. Run the interface interface-type interface-number command to enter the interface view.

    2. Run the authentication event { pre-authen | authen-fail | authen-server-down } session-timeout session-time command to set the timeout period of the network access rights granted to users in different authentication stages.

      By default, the timeout period of the network access rights granted to users is 15 minutes.

    3. Run the quit command to return to the system view.

  4. (Optional) Configure the device to return an authentication failure packet when a user fails in authentication or the authentication server does not respond. The configuration can be performed in the system view or interface view.

    View: System view

    Step: Run the authentication event { authen-fail | authen-server-down } response-fail command to configure the device to return an authentication failure packet when a user fails in authentication or the authentication server does not respond.

    By default, the device returns an authentication success packet when a user fails in authentication or the authentication server does not respond.

    View: Interface view

    Step:

    1. Run the interface interface-type interface-number command to enter the interface view.

    2. Run the authentication event { authen-fail | authen-server-down } response-fail command to configure the device to return an authentication failure packet when a user fails in authentication or the authentication server does not respond.

    By default, the device returns an authentication success packet when a user fails in authentication or the authentication server does not respond.
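
The following audit sketch is an added example, not part of the Huawei guide. It resolves, per interface, which rights users receive in each authentication stage, how long those rights last, and whether a failure packet is returned. It assumes a saved-configuration layout with `#` separators and indented `interface` blocks, and it reads the priority note as a per-event, per-setting override of the system view by the interface; the group names, VLAN IDs and timeout value are constructed.

```python
import re
# Constructed sample in the layout of a saved configuration (assumed, not from the page).
SAMPLE = """\
authentication event authen-fail user-group quarantine
authentication event authen-server-down user-group critical
authentication event authen-server-down response-fail
#
interface GigabitEthernet0/0/1
 authentication event pre-authen vlan 100
 authentication event authen-fail vlan 200
 authentication event authen-fail session-timeout 30
#
interface GigabitEthernet0/0/2
 authentication event authen-fail response-fail
"""
EVENT = re.compile(r"^authentication event (pre-authen|authen-fail|authen-server-down) "
                   r"(?:(vlan|user-group) (\S+)|session-timeout (\d+)|(response-fail))$")

def parse(config):
    """Return {scope: {event: settings}}; scope is 'system' or an interface name."""
    scopes, scope = {"system": {}}, "system"
    for raw in config.splitlines():
        line = raw.strip()
        if line == "#":  # assumed section separator: back to system view
            scope = "system"
        elif line.startswith("interface "):
            scope = line.split(None, 1)[1]
            scopes.setdefault(scope, {})
        elif m := EVENT.match(line):
            ev = scopes[scope].setdefault(m.group(1), {})
            if m.group(2):
                ev["rights"] = (m.group(2), m.group(3))
            elif m.group(4):
                ev["timeout"] = int(m.group(4))
            else:
                ev["response_fail"] = True
    return scopes

def effective(scopes, interface):
    """Per-event settings for one interface; interface values override system view."""
    out = {}
    for event in ("pre-authen", "authen-fail", "authen-server-down"):
        merged = {**scopes["system"].get(event, {}), **scopes.get(interface, {}).get(event, {})}
        if "rights" in merged:
            merged.setdefault("timeout", 15)  # page default, in minutes
            if event != "pre-authen":  # page lists response-fail only for the other two
                merged.setdefault("response_fail", False)
            out[event] = merged
    return out
```

An entry with `response_fail` set to `False` marks a stage where users receive rights and the device still answers with an authentication success packet, which is the default behaviour described in step 4.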

Updated: 2019-04-20

Document ID: EDOC1100066170
