No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


S600-E V200R013C00 Configuration Guide - User Access and Authentication

This document describes the configurations of User Access and Authentication Configuration, including AAA, NAC, and Policy Association.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring Voice Terminals to Go Online Without Authentication

(Optional) Configuring Voice Terminals to Go Online Without Authentication


When both data terminals (such as PCs) and voice terminals (such as IP phones) are connected to switches, NAC is configured on the switches to manage and control the data terminals. The voice terminals, however, only need to connect to the network without being managed and controlled. In this case, you can configure the voice terminals to go online without authentication on the switches. Then the voice terminals identified by the switches can go online without authentication.


If an 802.1X user initiates authentication through a voice terminal, a switch preferentially processes the authentication request. If the authentication succeeds, the terminal obtains the corresponding network access rights. If the authentication fails, the switch identifies the terminal type and enables the terminal to go online without authentication.

Pre-configuration Tasks

To enable the switches to identify the voice terminals, enable LLDP or configure OUI for the voice VLAN on the switches. For details, see Configuring Basic LLDP Functions in "LLDP Configuration" in the S600-E V200R013C00 Configuration Guide - Network Management and Monitoring or Configuring a Voice VLAN Based on a MAC Address in "Voice VLAN Configuration" in the S600-E V200R013C00 Configuration Guide - Ethernet Switching. If a voice device supports only CDP but does not support LLDP, configure CDP-compatible LLDP on the switch using lldp compliance cdp receive command.


  1. Run system-view

    The system view is displayed.

  2. Run authentication device-type voice authorize [ user-group group-name ]

    The voice terminals are enabled to go online without authentication.

    By default, voice terminals are disabled from going online without authentication.


    Voice terminals can obtain the corresponding network access rights after they pass authentication and go online, when user-group group-name is not specified. When user-group group-name is specified, voice terminals can obtain the network access rights specified by the user group after they go online. To use a user group to define network access rights for voice terminals, run the user-group group-name command to create a user group and configure network authorization information for the users in the group. Note that the user group takes effect only after it is enabled.

    If you run this command repeatedly, the latest configuration overrides the previous ones.

Updated: 2019-04-20

Document ID: EDOC1100066170

Views: 27329

Downloads: 7

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Previous Next