< Home

Configuring a UCL Group

Context

Users must obtain authorization information before going online. You can configure a UCL group to manage authorization information about users.

Only the NAC common mode supports authorization by a UCL group.

Procedure

  • Configure an authorization UCL group.

    Step

    Command

    Remarks

    Enter the system view.

    system-view

    Create a UCL group.

    ucl-group group-index [ name group-name ]

    By default, no UCL group is created.

    (Optional) Configure an IP address for the static UCL group.

    ucl-group ip ip-address { mask-length | ip-mask } { group-index | name group-name } [ escape ]

    By default, no IP address is configured for a static UCL group.

    NOTE:

    IP addresses in static UCL groups are only supported by S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S6720-HI, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, S6720-EI, and S6720S-EI.

    (Optional) Configure a domain name for the static UCL group.

    ucl-group domain domain-name domain-name { group-index | name group-name }

    By default, no domain name is configured for a static UCL group.

    NOTE:

    Only the S5720-HI, S5730-HI, S5731-H, S5731S-H, S6720-HI, S5732-H, S6730-H, S6730S-H, and S6730S-HI support domain names in static UCL groups.

    Configure a user ACL or user ACL6.

    For details, see Configuring a User ACL or User ACL6 under "ACL Configuration" in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - Security.

    The user ACL or user ACL6 filters packets based on the UCL group.

    Configure ACL-based packet filtering.

    traffic-filter inbound acl [ ipv6 ] acl-number

    By default, ACL-based packet filtering is not configured.

Parent Topic: (Optional) Configuring Authorization Information
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >