
Configuring an AS in Centralized Mode (Global Batch Configuration)

Context

In global configuration mode, the SVF forwarding mode, AS URL encoding function, and authentication-free rules can be configured.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Configure global service functions on the parent.

    Each entry below gives the service function, its procedure, and a description.

    Configure the SVF forwarding mode.

    1. Run the uni-mng command to enter the uni-mng view.

    2. Run the forward-mode centralized command to set the SVF forwarding mode to centralized forwarding.

    An SVF system supports two forwarding modes: centralized forwarding and distributed forwarding.

    • In centralized forwarding mode, both the local traffic of an AS and the traffic between ASs are sent to the parent for forwarding.

    • In distributed forwarding mode, an AS directly forwards local traffic and the parent forwards traffic between ASs.

    By default, the forwarding mode of an SVF system is distributed forwarding.

    Configure the URL encoding function for ASs.

    1. Run the uni-mng command to enter the uni-mng view.

    2. Run the portal url-encode disable command to disable the URL encoding function for ASs.

    To improve web application security, data from untrustworthy sources must be encoded before being sent to clients. URL encoding is the encoding most commonly used in web applications. After URL encoding is enabled for ASs, special characters in redirect URLs are converted to a safe encoded form, so that clients do not mistake them for syntax characters or instructions and unexpectedly modify the original syntax. In this way, cross-site scripting attacks and injection attacks are prevented. By default, URL encoding is enabled on ASs. This function can be disabled using the portal url-encode disable command.

    Configure authentication-free rules.

    For details, see (Optional) Configuring Authentication-Free Authorization Information for Users in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - User Management.

    In addition to the configurations in service profiles, the parent delivers the configured Portal authentication-free rules to ASs. Authentication-free rules 0 to 127 can be delivered to ASs of the S5720-EI model; authentication-free rules 0 to 31 can be delivered to ASs of other models; authentication-free rules outside the two ranges will not be delivered to ASs.

    You cannot specify the interface parameter when the parent delivers authentication-free rules to an AS.

    Create service VLANs for ASs.

    1. Run the uni-mng command to enter the uni-mng view.

    2. Run the as service-vlan authorization {vlan-id1 [ to vlan-id2 ] } &<1-16> command to create service VLANs for ASs.

    By default, all interfaces on an AS belong to the default VLAN, that is, VLAN 1.

    Enable IGMP snooping for a service VLAN on ASs.

    1. Run the uni-mng command to enter the uni-mng view.

    2. Run the as service-vlan igmp-snooping {vlan-id1 [ to vlan-id2 ] } &<1-16> command to enable IGMP snooping for a specified service VLAN on ASs.

    By default, IGMP snooping is disabled for service VLANs on ASs.

    Enable the function of retaining the authentication configuration after an AS goes offline.

    1. Run the uni-mng command to enter the uni-mng view.

    2. Run the as authentication configuration revert disable command to enable the function of retaining the authentication configuration after an AS goes offline.

    By default, the authentication configuration is cleared after an AS goes offline.

  3. Run commit as { name as-name | all }

    The configuration is committed.

    Before submitting the authentication-free rule configuration to an AS, you need to enter the uni-mng view. After submitting the configuration, you can run the display uni-mng commit-result free-rule command to check the authentication-free rule delivery result.
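A pre-commit check for the settings above, as an added example that is not Huawei's code: it reads a saved parent configuration and reports which authentication-free rules fall outside the range delivered to each AS, which rules specify the interface parameter, and whether URL encoding has been disabled. The `free-rule <id> ...` line shape, the sample configuration, the AS names and the "other" series label are assumptions made for illustration.

```python
import re

# Highest authentication-free rule ID delivered to an AS, per the ranges above.
S5720_EI_MAX, OTHER_MAX = 127, 31
# Assumed rule line shape: "free-rule <id> <conditions>"; adjust to your config.
RULE_RE = re.compile(r"^\s*(?:authentication\s+)?free-rule\s+(\d+)\b(.*)$")


def audit_parent_config(config_text, as_series):
    """Return (undelivered, interface_rules, url_encode_disabled).

    undelivered: {as_name: [rule IDs outside the range delivered to that AS]}
    interface_rules: rule IDs that specify the interface parameter
    url_encode_disabled: True if 'portal url-encode disable' is configured
    as_series: {as_name: "S5720-EI" or any other label}, supplied by the operator
    """
    rule_ids, interface_rules, url_encode_disabled = [], [], False
    for line in config_text.splitlines():
        if line.strip() == "portal url-encode disable":
            url_encode_disabled = True
            continue
        m = RULE_RE.match(line)
        if m:
            rule_id = int(m.group(1))
            rule_ids.append(rule_id)
            if re.search(r"\binterface\b", m.group(2)):
                interface_rules.append(rule_id)
    undelivered = {}
    for as_name, series in as_series.items():
        limit = S5720_EI_MAX if series == "S5720-EI" else OTHER_MAX
        skipped = sorted(r for r in rule_ids if r > limit)
        if skipped:
            undelivered[as_name] = skipped
    return undelivered, interface_rules, url_encode_disabled


# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = """\
free-rule 5 destination ip 192.0.2.10 mask 255.255.255.255
free-rule 40 destination ip 192.0.2.20 mask 255.255.255.255
free-rule 130 source ip 198.51.100.0 mask 255.255.255.0 interface GigabitEthernet0/0/1
uni-mng
 portal url-encode disable
"""
SAMPLE_AS_SERIES = {"as-floor1": "S5720-EI", "as-floor2": "other"}

if __name__ == "__main__":
    undelivered, iface_rules, no_encode = audit_parent_config(SAMPLE_CONFIG, SAMPLE_AS_SERIES)
    print(undelivered, iface_rules, no_encode)
```

After the commit, compare the prediction with the output of display uni-mng commit-result free-rule.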

Example

This example shows how to perform configuration on the parent to create VLAN 20 and VLAN 30 for ASs.
<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as service-vlan authorization 20 30
[HUAWEI-um] commit as all
Copyright © Huawei Technologies Co., Ltd.