< Home

Data Model

The configuration model file matching 802.1X access profile is huawei-nac-dot1x.yang.

Table 1 Data model

Object

Description

Value

Remarks

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile

Indicates that the request operation (creation or modification) object is an 802.1X access profile. This object is the root object. It is only used to contain sub-objects, but does not have any data meaning.

N/A

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/name

Indicates the name of the created 802.1X access profile.

The value is a string of 1 to 31 case-sensitive characters. It cannot be - or -- and cannot contain spaces or the following symbols: / \ : * ? " < > | @ ' %.

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/authentication-method

Indicates that an authentication mode is configured for 802.1X users.

Enumerated type:

  • chap: EAP termination authentication using the Challenge Handshake Authentication Protocol (CHAP)
  • pap: EAP termination authentication using the Password Authentication Protocol (PAP)
  • eap: relay authentication using the Extensible Authentication Protocol (EAP)

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/authorize-of-authentication-event

Indicates that network access rights are configured for users when the 802.1X client does not respond.

N/A

N/A

huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/unicast-trigger

Indicates whether 802.1X authentication triggered by unicast packets is enabled.

Boolean type:

  • true: enabled
  • false: disabled

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/handshake/enable

Indicates whether handshake with online 802.1X authentication users is enabled.

Boolean type:

  • true: enabled
  • false: disabled

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/trigger-packet

Indicates the type of packets that can trigger 802.1X authentication.

The value is of the enumerated type:

  • dhcp
  • arp

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/handshake/period-eth-trunk

Indicates the interval at which the device handshakes with an 802.1X client on an Eth-Trunk interface.

The value is an integer in the range from 30 to 7200, in seconds.

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/handshake/period-non-eth-trunk

Indicates the interval at which the device handshakes with an 802.1X client on a non-Eth-Trunk interface.

The value is an integer in the range from 5 to 7200, in seconds.

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/handshake/packet-type

Indicates the type of 802.1X authentication handshake packets.

The value is of the enumerated type:

  • request-identity
  • srp-sha1-part2

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/retry-function/max-retry

Indicates the maximum number of times an authentication request sent to an 802.1X user.

The value is an integer in the range from 1 to 10.

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/retry-function/client-time-out

Indicates the client authentication timeout interval.

The value is an integer in the range from 1 to 120, in seconds.

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/eap-notify-packet

Indicates whether to enable the device to send EAP packets with a code number to 802.1X users.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/port-control-function/mode

Indicates the authorization state of an interface.

The value is of the enumerated type:

  • auto: indicates the auto identification mode.
  • authorized-force: indicates the forcible authorization mode.
  • unauthorized-force: indicates the forcible unauthorized mode.

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/re-authenticate-function/re-authenticate-enable

Indicates whether to enable re-authentication for online 802.1X authentication users.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/re-authenticate-function/re-authenticate-period

Indicates the re-authentication interval for online 802.1X users.

The value is an integer in the range from 60 to 7200, in seconds.

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/dhcp-binding

Indicates whether to enable the device to automatically generate the DHCP snooping binding table.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A

/huawei-nac-dot1x:dot1x-access/quiet-function/enable

Indicates whether to enable the quiet function for 802.1X authentication users.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A

/huawei-nac-dot1x:dot1x-access/quiet-function/quiet-period

Indicates the quiet period for 802.1X authentication users who fail to be authenticated.

The value is an integer in the range from 1 to 3600, in seconds.

N/A

/huawei-nac-dot1x:dot1x-access/quiet-function/quiet-times

Indicates the maximum number of authentication failures within 60 seconds before the device quiets an 802.1X authentication user.

The value is an integer in the range from 1 to 10.

N/A

/huawei-nac-dot1x:dot1x-access/tx-period

Indicates the interval for sending authentication requests.

The value is an integer in the range from 1 to 120, in seconds.

N/A

/huawei-nac-dot1x:dot1x-access/url

Indicates the redirect URL for 802.1X authentication.

The value is a string of 1 to 200 case-sensitive characters without spaces and question marks (?). If the string is enclosed in double quotation marks (" "), the string can contain spaces.

N/A

/huawei-nac-dot1x:dot1x-access/multicast-trigger-function/enable

Indicates whether to enable the function of triggering 802.1X authentication through multicast packets.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A

/huawei-nac-dot1x:dot1x-access/multicast-trigger-function/port-up-enable

Indicates whether to enable the function of triggering 802.1X authentication through multicast packets immediately after an interface goes Up.

The value is of the Boolean type:

  • true: enables the function.
  • false: disables the function.

N/A

/huawei-nac-dot1x:dot1x-access/configure-mode/unified-mode/dot1x-access-profile/server-down-no-response-enable

Indicates whether the function of not responding to the EAPoL-Start packets sent by clients when the AAA server is Down is enabled.

The value is of the Boolean type:

  • true: The function is enabled.
  • false: The function is disabled.

N/A
Parent Topic: Configuring an 802.1X Access Profile
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >