Configuring AS Access Authentication

Context

An AS needs to be authenticated before connecting to an SVF system by default. An AS is authenticated using a blacklist or whitelist. An AS in the blacklist cannot connect to an SVF system, but an AS in the whitelist can connect to an SVF system. An AS that is neither in the blacklist nor in the whitelist fails the authentication. You need to run the confirm { all | mac-address mac-address } command to allow all ASs or a specified AS to pass the authentication.

You can also configure non-authentication for ASs so that an AS can connect to an SVF system regardless of whether it is in a blacklist or whitelist. Non-authentication has security risks. Therefore, authentication is recommended.

Procedure

Authentication is required before an AS connects to an SVF system.
1. Run system-view
  The system view is displayed.
2. Run as-auth
  The AS authentication view is displayed.
3. Run undo auth-mode
  The AS needs to be authenticated to connect to an SVF system.
  
  By default, authentication is required before an AS connects to an SVF system.
4. Run blacklist mac-address mac-address1 [ to mac-address2 ]
  A blacklist is configured for AS authentication. A maximum of 128 blacklists can be configured.
5. Run whitelist mac-address mac-address1 [ to mac-address2 ]
  A whitelist is configured for AS authentication. A maximum of 512 whitelists can be configured.
  
  If there are ASs that are neither in the whitelist nor in the blacklist, you can run the confirm { all | mac-address mac-address } command to allow all ASs or a specified AS to pass the authentication.
No authentication is required before an AS connects to an SVF system.
1. Run system-view
  The system view is displayed.
2. Run as-auth
  The AS authentication view is displayed.
3. Run auth-mode none
  The AS does not need to be authenticated to connect to an SVF system.
  
  By default, authentication is required before an AS connects to an SVF system.

Verify the configuration.

Run the display as blacklist command to check the AS blacklist.
Run the display as whitelist command to check the AS whitelist.
Run the display as unauthorized record command to check the ASs that fail the authentication.
Run the display uni-mng unauthen-user command to check information about non-authenticated users on an AS.
Run the display uni-mng authen-user command to check authenticated user information on an AS.
Run the display uni-mng unauthen-user offline-record command to check offline records of non-authenticated users on an AS.