< Home

Configuring Network Access Rights for Users in Each Phase Before Authentication

This section provides a sample of configuring network access rights for users in each phase before authentication using the merge method. You can also use the create method to configure network access rights for users in each phase before authentication.

Table 1 Configuring network access rights for users in each phase before authentication

Operation

XPATH

edit-config:merge

/huawei-nac:nac-access/configure-mode/unified-mode/authentication-profile/authorize-of-authentication-event/authentication-event

/huawei-nac:nac-access/configure-mode/unified-mode/authentication-profile/authorize-of-authentication-event/response-fail

/huawei-nac:nac-access/configure-mode/unified-mode/authentication-profile/authorize-of-authentication-event/vlan-id

/huawei-nac:nac-access/configure-mode/unified-mode/authentication-profile/authorize-of-authentication-event/service-scheme

/huawei-nac:nac-access/configure-mode/unified-mode/authentication-profile/authorize-of-authentication-event/ucl-group

Data Requirement

Table 2 Configuring network access rights for users in each phase before authentication

Item

Data

Description

name

authen_pro

Configure network access rights for users in each phase before authentication.

authentication-event

pre-authen

authen-fail

authen-server-down

vlan-id 1200

1200

response-fail

true

service-scheme

lsw_service

ucl-group

lsw_ucl

Request Example

<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <nac-access xmlns="urn:huawei:params:xml:ns:yang:huawei-nac">
        <authentication-profile>
          <name>authen_pro</name>
          <authorize-of-authentication-event xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
            <authentication-event>pre-authen</authentication-event>
            <vlan-id>1200</vlan-id>
          </authorize-of-authentication-event>
    <authorize-of-authentication-event xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
            <authentication-event>authen-fail</authentication-event>
   <response-fail>true</response-fail>
            <service-scheme>lsw_service</service-scheme>
          </authorize-of-authentication-event>
    <authorize-of-authentication-event xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
            <authentication-event>authen-server-down</authentication-event>
   <response-fail>true</response-fail>
            <ucl-group>lsw_ucl</ucl-group>
          </authorize-of-authentication-event>
        </authentication-profile>
      </nac-access>
    </config>
  </edit-config>
</rpc>

Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_012824316d704d43adb16b1a4245d273">
 <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="57">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Authorize event failed</error-message>
    <error-info>Error on node /huawei-nac:nac-access/authentication-profile[name="authen_pro"]/authorize-of-authentication-event[authentication-event="authen-fail"]</error-info>
  </rpc-error>
</rpc-reply>
Parent Topic: Configuring an Authentication Profile
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >