< Home

Configuring a Forcible Domain Based on the Access Type

This section provides a sample of configuring a forcible domain based on the access type using the merge method. You can also use the create method to configure a forcible domain based on the access type.

Table 1 Configuring a forcible domain based on the access type

Operation

XPATH

edit-config:merge

/huawei-nac:nac-access/configure-mode/unified-mode/authentication-profile/force-domain/access-force-domain/domain-name

/huawei-nac:nac-access/configure-mode/unified-mode/authentication-profile/force-domain/access-force-domain/access-type

Data Requirement

Table 2 Configuring a forcible domain based on the access type

Item

Data

Description

domain-name

domain2

Configure a forcible domain based on the access type.

The domain must exist on the switch.

Request Example

<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config>
   <aaa xmlns="urn:huawei:params:xml:ns:yang:huawei-aaa">
    <aaa-domain xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:operation="merge">
     <name>domain2</name>
     <vsys>ads</vsys>
    </aaa-domain>
   </aaa>
   <nac-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac">
    <authentication-profile xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:operation="merge">
     <name>authen_pro</name>
     <force-domain>
      <access-force-domain>
       <access-type>dot1x</access-type>
       <domain-name>domain2</domain-name>
      </access-force-domain>
      <access-force-domain>
       <access-type>mac</access-type>
       <domain-name>domain2</domain-name>
      </access-force-domain>
      <access-force-domain>
       <access-type>portal</access-type>
       <domain-name>domain2</domain-name>
      </access-force-domain>
     </force-domain>
    </authentication-profile>
   </nac-access>
  </config>
 </edit-config>
</rpc>

Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="51">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>config/undo access domain failed</error-message>
    <error-info>Error on node /huawei-nac:nac-access/authentication-profile[name="authen_pro"]/force-domain/access-force-domain[access-type="dot1x"]/domain-name</error-info>
  </rpc-error>
</rpc-reply>
Parent Topic: Configuring an Authentication Profile
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >