
Configuring Authentication-free Rules

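This section provides examples of configuring authentication-free rules by using the edit-config merge operation. Sources that match an authentication-free rule are exempt from NAC authentication, so keep each rule's match condition as narrow as the deployment allows.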

Table 1 Configuring authentication-free rules

Operation

XPATH

edit-config:merge

/huawei-nac:nac-access/authentication-free-rule-profile/free-acl/ipv4-acl-name

/huawei-nac:nac-access/authentication-free-rule-profile/free-rule/rule-id

/huawei-nac:nac-access/authentication-free-rule-profile/free-rule/source/source/source-any/any

/huawei-nac:nac-access/authentication-free-rule-profile/free-rule/source/source/source-ip/ip

/huawei-nac:nac-access/authentication-free-rule-profile/free-rule/source/source/source-ip/subnet/prefix-length/prefix-length

/huawei-nac:nac-access/authentication-free-rule-profile/free-rule/source/source/source-ip/subnet/net-mask/net-mask

/huawei-nac:nac-access/authentication-free-rule-profile/free-rule/source/source/interface/interface

/huawei-nac:nac-access/authentication-free-rule-profile/free-rule/source/source/vlan/vlan-id

Data Requirements

Table 2 Configuring authentication-free rules

Item

Data

Description

name

default_free_rule

Configure the free-rule profile named default_free_rule.

ipv4-acl-name

acl1

Configure the IPv4 ACL named acl1.

rule-id

37

Set the rule number to 37.

any

any

Set the source condition to any.

ip

1.1.1.1

Set the IP address to 1.1.1.1.

prefix-length

24

Set the prefix length to 24.

net-mask

255.255.255.0

Set the mask to 255.255.255.0.

interface

GigabitEthernet0/0/1

Set the interface to GigabitEthernet0/0/1.

vlan-id

1

Set the VLAN ID to 1.

Request Example

# Configure an ACL to define an authentication-free rule.
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <!-- Binds the IPv4 ACL acl1 to the authentication-free rule profile default_free_rule. -->
  <!-- No operation attribute is set in this request, so the edit-config default operation (merge) applies. -->
  <edit-config>
    <!-- The target is the running datastore, so the edit is made to the active configuration. -->
    <target>
      <running/>
    </target>
    <config>
      <hw-nac:nac-access xmlns:hw-nac="urn:huawei:params:xml:ns:yang:huawei-nac">
        <hw-nac:authentication-free-rule-profile>
          <!-- name identifies the profile being edited. -->
          <hw-nac:name>default_free_rule</hw-nac:name>
          <hw-nac:free-acl>
            <!-- The ACL is referenced by name only. Its rules are not part of this request, so the set of
                 traffic that skips authentication is decided by the contents of acl1.
                 NOTE(review): presumably acl1 must already exist on the device; confirm, and review its rules. -->
            <hw-nac:ipv4-acl-name>acl1</hw-nac:ipv4-acl-name>
          </hw-nac:free-acl>
        </hw-nac:authentication-free-rule-profile>
      </hw-nac:nac-access>
    </config>
  </edit-config>
</rpc>

# Configure the source condition any to define an authentication-free rule.

<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <!-- Creates or updates free-rule 37 in profile default_free_rule with the source condition "any". -->
  <edit-config>
    <!-- The target is the running datastore, so the edit is made to the active configuration. -->
    <target>
      <running/>
    </target>
    <config>
      <hw-nac:nac-access xmlns:hw-nac="urn:huawei:params:xml:ns:yang:huawei-nac">
        <hw-nac:authentication-free-rule-profile>
          <hw-nac:name>default_free_rule</hw-nac:name>
          <!-- xc is bound to the NETCONF base namespace; operation="merge" merges this entry into an
               existing rule 37 rather than replacing it. -->
          <hw-nac:free-rule xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
            <hw-nac:rule-id>37</hw-nac:rule-id>
            <hw-nac:source>
              <!-- This is the broadest source condition on this page, and the request sets no other
                   condition for the rule.
                   NOTE(review): presumably every source then matches rule 37; confirm against the
                   huawei-nac YANG model and prefer a narrower source where possible. -->
              <hw-nac:any>any</hw-nac:any>
            </hw-nac:source>
          </hw-nac:free-rule>
        </hw-nac:authentication-free-rule-profile>
      </hw-nac:nac-access>
    </config>
  </edit-config>
</rpc>

# Configure the IP address and prefix to define an authentication-free rule.

<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <!-- Creates or updates free-rule 37 in profile default_free_rule with a source IP address and prefix length. -->
  <edit-config>
    <!-- The target is the running datastore, so the edit is made to the active configuration. -->
    <target>
      <running/>
    </target>
    <config>
      <hw-nac:nac-access xmlns:hw-nac="urn:huawei:params:xml:ns:yang:huawei-nac">
        <hw-nac:authentication-free-rule-profile>
          <hw-nac:name>default_free_rule</hw-nac:name>
          <!-- operation="merge" merges this entry into an existing rule 37 rather than replacing it. -->
          <hw-nac:free-rule xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
            <hw-nac:rule-id>37</hw-nac:rule-id>
            <hw-nac:source>
              <!-- Sample values from Table 2. The address has host bits set for a 24-bit prefix.
                   NOTE(review): presumably the device matches the whole 1.1.1.0/24 subnet; confirm, and
                   substitute the subnet that should actually be exempt from authentication. -->
              <hw-nac:ip>1.1.1.1</hw-nac:ip>
              <hw-nac:prefix-length>24</hw-nac:prefix-length>
            </hw-nac:source>
          </hw-nac:free-rule>
        </hw-nac:authentication-free-rule-profile>
      </hw-nac:nac-access>
    </config>
  </edit-config>
</rpc>

# Configure the IP address and mask to define an authentication-free rule.

<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <!-- Creates or updates free-rule 37 in profile default_free_rule with a source IP address and dotted-decimal mask. -->
  <edit-config>
    <!-- The target is the running datastore, so the edit is made to the active configuration. -->
    <target>
      <running/>
    </target>
    <config>
      <hw-nac:nac-access xmlns:hw-nac="urn:huawei:params:xml:ns:yang:huawei-nac">
        <hw-nac:authentication-free-rule-profile>
          <hw-nac:name>default_free_rule</hw-nac:name>
          <!-- operation="merge" merges this entry into an existing rule 37 rather than replacing it. -->
          <hw-nac:free-rule xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
            <hw-nac:rule-id>37</hw-nac:rule-id>
            <hw-nac:source>
              <!-- net-mask is the alternative to prefix-length: Table 1 lists them as separate paths under
                   source-ip/subnet. 255.255.255.0 covers the same range as a prefix length of 24. -->
              <hw-nac:ip>1.1.1.1</hw-nac:ip>
              <hw-nac:net-mask>255.255.255.0</hw-nac:net-mask>
            </hw-nac:source>
          </hw-nac:free-rule>
        </hw-nac:authentication-free-rule-profile>
      </hw-nac:nac-access>
    </config>
  </edit-config>
</rpc>

# Configure an interface to define an authentication-free rule.

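<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <!-- Creates or updates free-rule 37 in profile default_free_rule with an interface as the source condition. -->
  <edit-config>
    <!-- The target is the running datastore, so the edit is made to the active configuration. -->
    <target>
      <running/>
    </target>
    <config>
      <hw-nac:nac-access xmlns:hw-nac="urn:huawei:params:xml:ns:yang:huawei-nac">
        <hw-nac:authentication-free-rule-profile>
          <hw-nac:name>default_free_rule</hw-nac:name>
          <!-- operation="merge" merges this entry into an existing rule 37 rather than replacing it. -->
          <hw-nac:free-rule xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
            <hw-nac:rule-id>37</hw-nac:rule-id>
            <hw-nac:source>
              <!-- The interface name is validated as a leafref to an ietf-interfaces interface name, so it
                   must name an interface that exists on the device; otherwise the request fails with
                   invalid-value, as in the failed response sample on this page. -->
              <hw-nac:interface>GigabitEthernet0/0/1</hw-nac:interface>
            </hw-nac:source>
          </hw-nac:free-rule>
        </hw-nac:authentication-free-rule-profile>
      </hw-nac:nac-access>
    </config>
  </edit-config>
</rpc>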

# Configure the VLAN ID to define an authentication-free rule.

<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <!-- Creates or updates free-rule 37 in profile default_free_rule with a VLAN ID as the source condition. -->
  <edit-config>
    <!-- The target is the running datastore, so the edit is made to the active configuration. -->
    <target>
      <running/>
    </target>
    <config>
      <hw-nac:nac-access xmlns:hw-nac="urn:huawei:params:xml:ns:yang:huawei-nac">
        <hw-nac:authentication-free-rule-profile>
          <hw-nac:name>default_free_rule</hw-nac:name>
          <!-- operation="merge" merges this entry into an existing rule 37 rather than replacing it. -->
          <hw-nac:free-rule xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
            <hw-nac:rule-id>37</hw-nac:rule-id>
            <hw-nac:source>
              <!-- Sample value from Table 2.
                   NOTE(review): VLAN 1 is the default VLAN on many switches, so a rule keyed on it may match
                   more ports than intended; verify VLAN membership and substitute the VLAN that should be exempt. -->
              <hw-nac:vlan-id>1</hw-nac:vlan-id>
            </hw-nac:source>
          </hw-nac:free-rule>
        </hw-nac:authentication-free-rule-profile>
      </hw-nac:nac-access>
    </config>
  </edit-config>
</rpc>

Response Example

# Sample of successful response.

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
  <!-- message-id matches the message-id="0" used by the request examples; ok reports that the request
       completed without error. -->
  <ok/>
</rpc-reply>

# Sample of failed response (the interface named in the request does not exist on the device).

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="5">
  <!-- This sample answers a request other than the ones shown on this page: its message-id is 5 and the
       rejected interface name is "sdfhsahda", whereas the request examples use message-id 0 and
       GigabitEthernet0/0/1. -->
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>invalid-value</error-tag>
    <error-severity>error</error-severity>
    <!-- error-path identifies the rejected node: the interface source of rule 37 in profile default_free_rule. -->
    <error-path>/huawei-nac:nac-access/authentication-free-rule-profile[name='default_free_rule']/free-rule[rule-id='37']/source/interface</error-path>
    <!-- Leafref validation failed: the supplied interface name does not match any interface name in ietf-interfaces. -->
    <error-message>validation failed(Leafref "/ietf-interfaces:interfaces/ietf-interfaces:interface/ietf-interfaces:name" of value "sdfhsahda" points to a non-existing leaf.).</error-message>
  </rpc-error>
</rpc-reply>
Copyright © Huawei Technologies Co., Ltd.