SupportDocumentationSwitchesCampus SwitchS7700&S8700&S9700&S12700&S16700Configuration & CommissioningConfiguration Guide

S12700 and S12700E V200R019C10 Configuration Guide - User Access and Authentication

This document describes the configurations of User Access and Authentication Configuration, including AAA, NAC, Policy Association, PPPoE, DAA, IP Session, and Kerberos Snooping.

(Optional) Configuring Static Users

(Optional) Configuring Static Users

Context

In network deployment, static IP addresses are assigned to dumb terminals such as printers and servers. These users can be configured as static users for flexible authentication.

After static users are configured, the device can use static user information such as their IP addresses as the user names to authenticate the users only if one of the 802.1X authentication, MAC address authentication, and Portal authentication modes is enabled on the interfaces connected to the static users.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run static-user start-ip-address [ end-ip-address ] [ vpn-instance vpn-instance-name ] [ domain-name domain-name | interface interface-type interface-number [ detect ] | mac-address mac-address | vlan vlan-id | keep-online ] *

    The static user is configured.

    By default, no static user is configured.

    Only Layer 2 Ethernet interfaces and Layer 2 Eth-Trunk interfaces can be configured as static user interfaces. If an interface is added to an Eth-Trunk or switched to a Layer 3 interface, the static user function does not take effect.

    When the interface (interface interface-type interface-number) mapping static users is specified, the VLAN (vlan vlan-id) that the interface belongs to must be configured.

  3. Run static-user username macaddress format { with-hyphen [ normal ] [ colon ] | without-hyphen } [ uppercase ] [ password-with-macaddress ]

    The user name for authenticating a static user is set to a MAC address.

    By default, the user name for authenticating a static user is not set to a MAC address.

    This command takes priority over the static-user username format-include { ip-address | mac-address | system-name } command and static-user password cipher password command.

  4. Run static-user username format-include { ip-address | mac-address | system-name }

    The static user name for authentication is set.

    By default, the name of a static user consists of system-name and ip-address.

  5. Run static-user password cipher password

    The static user password for authentication is set.

    By default, the password for a static user in authentication not set.