The access-author policy name command creates a user authentication event authorization policy and displays the user authentication event authorization policy view.
The undo access-author policy name command deletes the created user authentication event authorization policy.
By default, no user authentication event authorization policy is created.
Parameter |
Description |
Value |
|---|---|---|
policy-name |
Specifies the name of a user authentication event authorization policy. |
The value is a string of 1 to 32 case-sensitive characters without any space. The value cannot be set to - or --, and cannot contain the following characters: / \ : * ? " < > | @ ' %. NOTE:
The value of profile-name cannot be set to the
first character or first several characters of the name, and the name
itself, and it also cannot be the uppercase and lowercase combination
of the first character, first several characters, and the name. This
prevents the conflict with the access-author policy global command. |
Usage Scenario
Users need basic network access rights before they are authenticated. For example, the users need to download 802.1X clients and update the antivirus database. A user authentication event authorization policy can be used to bind the network access rights of users in each phase before authentication success to a user context profile. When a user goes online after a user authentication event authorization policy is applied to the device, the device adds the user to the context profile based on the user context identification result, and assigns the network access rights to the user based on the user authentication result.
Follow-up Procedure
In the user authentication event authorization policy view, run the match access-context-profile action command to configure the network access rights for users in each phase before authentication success.
In the system view, run the access-author policy global command to apply the user authentication event authorization policy.