Creating and Configuring a Domain

Context

A NAS performs domain-based user management. A domain is a group of users and each user belongs to a domain. A user uses only AAA configuration information in the domain to which the user belongs.

The device determines the domain to which a user belongs based on the user name. Before performing authentication, authorization, and accounting on users, you need to create the domain to which the users belong.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run aaa

    The AAA view is displayed.

  3. Run domain domain-name [ domain-index domain-index ]

    A domain is created and the domain view is displayed, or the view of an existing domain is displayed.

    By default, the default and default_admin domains are available on the device. The default domain is used by common access users and the default_admin domain is used by administrators.

  4. (Optional) Run state { active | block [ time-range time-name &<1-4> ] }

    The domain state is configured.

    By default, a domain is in active state after being created. When a domain is in blocking state, users in this domain cannot log in.

  5. (Optional) Configure the traffic statistics collection function.
    1. Run statistic enable

      The traffic statistics collection function is enabled for domain users.

      By default, the traffic statistics collection is disabled for domain users.

    2. Run accounting dual-stack separate

      The function of collecting statistics on IPv4 and IPv6 traffic separately is enabled.

      By default, statistics on IPv4 and IPv6 traffic are collected together.

  6. (Optional) Configure the DNS function (how the device parses the domain name from a user name), which takes effect for all domains on the device.

    1. Run quit

      Return to the AAA view.

    2. Run domainname-parse-direction { left-to-right | right-to-left }

      The domain name resolution direction is configured.

      By default, a domain name is parsed from left to right.

    3. Run domain-name-delimiter delimiter

      The domain name delimiter is configured.

      By default, the domain name delimiter is @.

    4. Run domain-location { after-delimiter | before-delimiter }

      The position of a domain name is configured.

      By default, the domain name is placed after the domain name delimiter.

    The DNS function can also be configured in the authentication profile view. If the DNS function is configured in both the AAA view and authentication profile view, the device preferentially uses the configuration in the authentication profile, which applies only to wireless users.

  7. (Optional) Configure the security string function.

    1. Run security-name enable

      The security string function is enabled.

      By default, the security string function is enabled.

    2. Run security-name-delimiter delimiter

      The security string delimiter is configured.

      By default, the security string delimiter is an asterisk (*).

      The security string delimiter can also be configured in the authentication profile view. If the security string delimiter is configured in both the AAA view and authentication profile view, the device preferentially uses the configuration in the authentication profile, which applies only to wireless users.

  8. (Optional) Specify a permitted domain for wireless users. (This step applies only to wireless users.)

    | Procedure | Command | Description |
    | --- | --- | --- |
    | Return to the system view. | quit | - |
    | Create an authentication profile and enter the authentication profile view. | authentication-profile name authentication-profile-name | By default, the device has six built-in authentication profiles: default_authen_profile, dot1x_authen_profile, mac_authen_profile, portal_authen_profile, dot1xmac_authen_profile, and multi_authen_profile. |
    | Specify a permitted domain for wireless users. | permit-domain name domain-name &<1-4> | By default, no permitted domain is specified for wireless users. After a permitted domain is specified in an authentication profile, only users in the permitted domain can be subject to authentication, authorization, and accounting. |
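
The following Python model is an added example, not code from the device or from this documentation. It shows how the delimiter, parse direction, and domain position from step 6 decide which domain (and therefore which AAA configuration) a user name maps to, and how that result interacts with a permitted-domain list as in step 8. The function names, the sample user names, the handling of names containing several delimiters, and the fallback to the default domain for names without a domain part are assumptions made for illustration.

```python
# Added illustration, not vendor code. Models the step 6 parsing settings.
# Assumed: the direction selects the first delimiter found from that side,
# and a name with no domain part falls back to the "default" domain.

def split_user_name(name, delimiter="@", direction="left-to-right",
                    location="after-delimiter", default_domain="default"):
    """Return (user, domain) for a login name under the given settings."""
    if direction == "left-to-right":
        head, sep, tail = name.partition(delimiter)
    elif direction == "right-to-left":
        head, sep, tail = name.rpartition(delimiter)
    else:
        raise ValueError(f"unknown direction: {direction}")
    if location not in ("after-delimiter", "before-delimiter"):
        raise ValueError(f"unknown location: {location}")
    if not sep:
        return name, default_domain          # no delimiter in the name
    if location == "after-delimiter":
        user, domain = head, tail
    else:
        user, domain = tail, head
    return user, domain or default_domain


def is_permitted(name, permit_domains, **settings):
    """Model of permit-domain: an empty list means no restriction."""
    _, domain = split_user_name(name, **settings)
    return not permit_domains or domain in permit_domains


if __name__ == "__main__":
    # Constructed sample names; "corp" and "guest" are hypothetical domains.
    for name in ("alice@corp", "alice@corp@guest", "alice"):
        for direction in ("left-to-right", "right-to-left"):
            user, domain = split_user_name(name, direction=direction)
            ok = is_permitted(name, ["guest"], direction=direction)
            print(f"{name:18} {direction:14} user={user:11} "
                  f"domain={domain:11} permitted={ok}")
```

Under these assumptions, a name with two delimiters lands in a different domain depending on the parse direction, so the parsing settings and the permitted-domain list should be reviewed together.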

Copyright © Huawei Technologies Co., Ltd.