
(Optional) Configuring Network Access Rights for Users in Different Authentication Stages

Context

To grant users rights to access certain network resources during access authentication, you can configure network access rights for users.

  • pre-authen: specifies the network access rights granted to users before authentication starts.
  • authen-fail: specifies the network access rights granted to users when authentication fails.
  • authen-server-down: specifies the network access rights granted to users when the authentication server does not respond.

When this function is enabled on a Layer 2 physical interface, it applies only to built-in Portal authentication.

An authentication event configured on an interface has a higher priority than an authentication event configured in the system view, and a higher priority than the guest VLAN, restrict VLAN, or critical VLAN.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Configure network access rights for users in the system view, Layer 2 physical interface view or VLANIF interface view.

    In the system view:

    Run the authentication event { pre-authen | authen-fail | authen-server-down } { vlan vlan-id | user-group group-name } command to configure the network access rights in different authentication stages.

    By default, no network access right is granted to users in different authentication stages.

    NOTE:

    The VLAN parameter is valid for built-in Portal authentication.

    In the interface view:

    1. Run the interface interface-type interface-number command to enter the interface view.

    2. Configure the network access rights granted to users in different authentication stages. The command has different syntax when it is executed in the Layer 2 physical interface view and VLANIF interface view.
      • Layer 2 physical interface view: Run the authentication event { pre-authen | authen-fail | authen-server-down } { vlan vlan-id | user-group group-name } command to configure the network access rights in different authentication stages.
      • VLANIF interface view: Run the authentication event { authen-fail | authen-server-down } user-group group-name command to configure the network access rights in different authentication stages.
    3. Run the quit command to return to the system view.

    By default, no network access right is granted to users in different authentication stages.

  3. (Optional) Set the timeout period of the network access rights granted to users in different authentication stages. The configuration can be performed in the system view or interface view.

    In the system view:

    Run the authentication event { pre-authen | authen-fail | authen-server-down } session-timeout session-time command to set the timeout period of the network access rights granted to users in different authentication stages.

    By default, the timeout period of the network access rights granted to users is 15 minutes.

    In the interface view:

    1. Run the interface interface-type interface-number command to enter the interface view.

    2. Run the authentication event { pre-authen | authen-fail | authen-server-down } session-timeout session-time command to set the timeout period of the network access rights granted to users in different authentication stages.

      By default, the timeout period of the network access rights granted to users is 15 minutes.

    3. Run the quit command to return to the system view.

  4. (Optional) Configure the device to return an authentication failure packet when a user fails in authentication or the authentication server does not respond. The configuration can be performed in the system view or interface view.

    In the system view:

    Run the authentication event { authen-fail | authen-server-down } response-fail command to configure the device to return an authentication failure packet when a user fails in authentication or the authentication server does not respond.

    By default, the device returns an authentication success packet when a user fails in authentication or the authentication server does not respond.

    In the interface view:

    1. Run the interface interface-type interface-number command to enter the interface view.

    2. Run the authentication event { authen-fail | authen-server-down } response-fail command to configure the device to return an authentication failure packet when a user fails in authentication or the authentication server does not respond.

    By default, the device returns an authentication success packet when a user fails in authentication or the authentication server does not respond.
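
The following audit sketch is an added example, not part of the Huawei documentation. It reads a saved configuration and reports every authen-fail or authen-server-down grant that leaves the default success packet in place, applying interface-view settings over system-view settings. The "#"-separated configuration layout, the per-setting fallback from interface view to system view, and all interface names, VLAN IDs, group names and timeout values are assumptions made for the example.

```python
import re

# Constructed sample (assumed layout: "#" separates sections, interface-view lines follow "interface").
SAMPLE = """\
#
authentication event authen-server-down user-group quarantine
authentication event authen-server-down response-fail
#
interface GigabitEthernet0/0/1
 authentication event authen-fail vlan 30
 authentication event pre-authen session-timeout 5
#
interface Vlanif100
 authentication event authen-fail user-group guest
 authentication event authen-fail response-fail
#
"""
EVENT = re.compile(r"authentication event (pre-authen|authen-fail|authen-server-down) (.+)")

def parse(config):
    """Map each view ('system' or an interface name) to its per-event settings."""
    views, view = {"system": {}}, "system"
    for line in map(str.strip, config.splitlines()):
        if line == "#":
            view = "system"
        elif line.startswith("interface "):
            view = line.split(None, 1)[1]
            views.setdefault(view, {})
        elif m := EVENT.fullmatch(line):
            kind = m[2].split()[0]  # vlan | user-group | session-timeout | response-fail
            key = "grant" if kind in ("vlan", "user-group") else kind
            views[view].setdefault(m[1], {})[key] = m[2]
    return views

def effective(views, view):
    """Interface-view settings win; system-view settings fill in what is unset (assumed)."""
    merged = {}
    for scope in ("system", view):
        for event, settings in views.get(scope, {}).items():
            merged.setdefault(event, {}).update(settings)
    return merged

def findings(views):
    """Grants on failure or server-down where the client still gets the default success packet."""
    return sorted((view, event, s["grant"])
                  for view in views
                  for event, s in effective(views, view).items()
                  if event != "pre-authen" and "grant" in s and "response-fail" not in s)
```

Calling findings(parse(SAMPLE)) returns one entry, for the authen-fail VLAN grant on GigabitEthernet0/0/1, because no response-fail is configured for that event in either view.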

Copyright © Huawei Technologies Co., Ltd.