The configuration model files for policy association are ietf-interfaces.yang, huawei-nac.yang, and huawei-aaa.yang.
Object | Description | Value | Remarks |
---|---|---|---|
/huawei-nac:nac-access/policy-association/as-access/controller-ip | Indicates the IP address of an authentication control device. | The value is in dotted decimal notation. | Only the authentication access device supports this object. |
/huawei-nac:nac-access/policy-association/as-access/vlanif | Indicates the source VLANIF interface of the CAPWAP tunnel established between the authentication access device and authentication control device. | The value is an integer that ranges from 1 to 4094. | Only the authentication access device supports this object. |
/huawei-nac:nac-access/policy-association/as-auth/auth-mode | Sets the authentication mode for authentication access devices to none (no authentication). | The value can only be set to none. By default, authentication is required when an authentication access device establishes a CAPWAP tunnel with an authentication control device. | Only the authentication control device supports this object. |
/huawei-nac:nac-access/policy-association/as-auth/whitelist-mac-address | Adds the specified MAC address to the authentication whitelist for authentication access devices, so that the authentication access device with this MAC address does not need to be authenticated when establishing a CAPWAP tunnel with the authentication control device. | The value is a character string. Multiple MAC addresses can be configured. | Only the authentication control device supports this object. |
/ietf-interfaces:interfaces/interface/huawei-nac:police-gang-control/access-point/ucl-policy-enabled | Indicates whether a control point that directly forwards user traffic is configured to filter user traffic based on a user ACL before forwarding the traffic. | The value is of the Boolean type: The default value is false. | Only the S5720-HI, S5730-HI, S6720-HI, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, S5731-H, S5731S-H, LE1D2S04SEC0 card, LE1D2X32SEC0 card, LE1D2H02QEC0 card, and X series cards support this object. |
ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-nac:police-gang-control/huawei-nac:access-point/huawei-nac:enable | Indicates whether to enable the remote access control function on the interface of the authentication access device. | The value is of the Boolean type: The default value is false. | Only the authentication access device supports this object. |
ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-nac:police-gang-control/huawei-nac:access-point/huawei-nac:open | Indicates whether to disable right control of the access point. | The value is of the Boolean type: The default value is false. | Only the authentication access device supports this object. |
ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-nac:police-gang-control/huawei-nac:access-point/huawei-nac:max-user-num | Indicates the maximum number of access users allowed on an interface of an authentication access device. | The value is an integer in the range from 1 to 256. | Only the authentication access device supports this object. |
/huawei-aaa:aaa/service-scheme/name /huawei-aaa:aaa/service-scheme/remote-authorize/authorize-parameters | Configures user authorization information to be delivered to authentication access devices. | The value is the combination of ACL, UCL group, and CAR. | Only the authentication control device supports this object. |
/huawei-aaa:aaa/service-scheme/name /huawei-aaa:aaa/service-scheme/local-authorize | Configures user authorization information to be delivered to authentication control devices. | The value is the combination of ACL, UCL group, and CAR. | Only the authentication control device supports this object. |
/huawei-nac:nac-access/policy-association/user-sync/enable | Indicates whether to configure user information synchronization on an authentication access device. | The value is of the Boolean type: The default value is true. | Only the authentication access device supports this object. |
/huawei-nac:nac-access/policy-association/user-sync/interval | Specifies the interval at which an authentication access device synchronizes user information. | The value is an integer that ranges from 60 to 3600, in seconds. The default value is 60. | Only the authentication access device supports this object. |
/huawei-nac:nac-access/policy-association/user-detect/enable | Indicates whether to configure the online user detection function on an authentication access device. | The value is of the Boolean type: The default value is true. | Only the authentication access device supports this object. |
/huawei-nac:nac-access/policy-association/user-detect/interval | Specifies the online user detection interval. | The value is an integer that ranges from 1 to 65535, in seconds. The default value is 15. | Only the authentication access device supports this object. |
/huawei-nac:nac-access/policy-association/user-detect/retry-times | Specifies the number of online user detection packet retransmissions. | The value is an integer that ranges from 1 to 255. The default value is 3. | Only the authentication access device supports this object. |
/huawei-nac:nac-access/policy-association/control-down-offline/control-down-offline/delay/delay | Configures the user logout delay on an authentication access device if a control tunnel is faulty. | The value is an integer that ranges from 1 to 60, in seconds. The default value is 0, indicating that users immediately go offline if a control tunnel is faulty. | Only the authentication access device supports this object. |
/huawei-nac:nac-access/policy-association/control-down-offline/control-down-offline/unlimited/unlimited | Indicates whether to configure users not to go offline on an authentication access device if a control tunnel is faulty. | The value is of the Boolean type: The default value is false. | Only the authentication access device supports this object. |
/huawei-nac:nac-access/policy-association/speed-limit/max-num-value | Configures the maximum number of user association and disassociation request messages sent by an authentication access device. | The value is an integer that ranges from 1 to 65535. The default value is 60. | Only the authentication access device supports this object. |
/huawei-nac:nac-access/policy-association/speed-limit/interval | Configures the interval for an authentication access device to send user association and disassociation request messages. | The value is an integer that ranges from 1 to 65535, in seconds. The default value is 30. | Only the authentication access device supports this object. |
/huawei-nac:nac-access/policy-association/alarm-restrain/enable | Indicates whether to configure an authentication access device to suppress alarms that are generated due to excess associated users. | The value is of the Boolean type: The default value is true. | Only the authentication access device supports this object. |
/huawei-nac:nac-access/policy-association/alarm-restrain/period | Configures a period for an authentication access device to suppress alarms that are generated due to excess associated users. | The value is an integer that ranges from 60 to 604800, in seconds. The default value is 300. | Only the authentication access device supports this object. |
/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-nac:police-gang-control/huawei-nac:user-sync/enable | Indicates whether to configure user information synchronization on an authentication control device. | The value is of the Boolean type: The default value is true. | Only the authentication control device supports this object. |
/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-nac:police-gang-control/huawei-nac:user-sync/interval | Specifies the interval at which an authentication control device synchronizes user information. | The value is an integer that ranges from 60 to 3600, in seconds. The default value is 60. | Only the authentication control device supports this object. |
/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-nac:police-gang-control/huawei-nac:user-sync/retry-times | Specifies the maximum number of user information synchronization attempts on an authentication control device. | The value is an integer that ranges from 5 to 300. The default value is 10. | Only the authentication control device supports this object. |
/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-nac:police-gang-control/huawei-nac:control-down-offline/huawei-nac:control-down-offline/huawei-nac:delay/huawei-nac:delay | Configures the user logout delay on an authentication control device if a control tunnel is faulty. | The value is an integer that ranges from 1 to 60, in seconds. The default value is 0, indicating that users immediately go offline if a control tunnel is faulty. | Only the authentication control device supports this object. |
/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-nac:police-gang-control/huawei-nac:control-down-offline/huawei-nac:control-down-offline/huawei-nac:unlimited/huawei-nac:unlimited | Indicates whether to configure users not to go offline on an authentication control device if a control tunnel is faulty. | The value is of the Boolean type: The default value is false. | Only the authentication control device supports this object. |
/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-nac:police-gang-control/huawei-nac:open-ucl-policy-enable | Indicates whether to configure a control point to filter user traffic based on a user ACL before forwarding the traffic. | The value is of the Boolean type: The default value is false. | Only the authentication control device supports this object. |
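
As an added example (not from Huawei's documentation or code), the following Python audits a subset of the objects under /huawei-nac:nac-access/policy-association/ for one device: it checks integer ranges, flags objects set on a device role that does not support them, and reports settings that the table describes as skipping CAPWAP tunnel authentication or keeping users online during a control tunnel fault. The flat path-to-value dictionary, the function and variable names, and the sample values are assumptions.

```python
# Added example, not Huawei code. Paths, ranges and roles are from the table
# above; the flat {path: value} input and every name here are assumptions.
P = "/huawei-nac:nac-access/policy-association/"
# Integer objects: path suffix -> (min, max, device role that supports it)
INT_RANGES = {
    "as-access/vlanif": (1, 4094, "access"),
    "user-sync/interval": (60, 3600, "access"),
    "user-detect/interval": (1, 65535, "access"),
    "user-detect/retry-times": (1, 255, "access"),
    "speed-limit/max-num-value": (1, 65535, "access"),
    "speed-limit/interval": (1, 65535, "access"),
}
# Objects that relax authentication or logout: suffix -> (role, is-set test, effect)
RELAXING = {
    "as-auth/auth-mode": ("control", lambda v: v == "none",
        "access devices are not authenticated for the CAPWAP tunnel"),
    "as-auth/whitelist-mac-address": ("control", bool,
        "listed MAC addresses skip CAPWAP tunnel authentication"),
    "control-down-offline/control-down-offline/unlimited/unlimited": ("access",
        lambda v: v is True, "users stay online while the control tunnel is faulty"),
}

def audit(role, config):
    """Return (path suffix, kind, detail) findings for one device's settings."""
    findings = []
    for path, value in config.items():
        key = path[len(P):] if path.startswith(P) else path
        if key in INT_RANGES:
            lo, hi, owner = INT_RANGES[key]
            ok = type(value) is int and lo <= value <= hi
            kind, detail = (None, "") if ok else ("out-of-range", f"expected {lo}..{hi}")
        elif key in RELAXING:
            owner, is_set, effect = RELAXING[key]
            kind, detail = ("review", effect) if is_set(value) else (None, "")
        else:  # object not covered by this audit
            owner, kind, detail = role, "not-checked", "outside this audit"
        if owner != role:
            kind, detail = "wrong-role", f"only the authentication {owner} device supports this"
        if kind:
            findings.append((key, kind, detail))
    return findings

# Constructed sample: settings as read from an authentication access device.
SAMPLE = {
    P + "as-access/vlanif": 100,
    P + "user-sync/interval": 30,
    P + "control-down-offline/control-down-offline/unlimited/unlimited": True,
    P + "as-auth/auth-mode": "none",
}
```

Calling `audit("access", SAMPLE)` reports the out-of-range synchronization interval, the no-logout setting for review, and the control-device-only `auth-mode` object as set on the wrong role.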