group-policy controller

Function

The group-policy controller command enables the free mobility function.

The undo group-policy controller command restores the default configuration.

By default, the free mobility function is disabled.

This command is supported only when the device interoperates with Agile Controller-Campus.

Format

group-policy controller ip-address1 [ port-number1 ] [ backup ip-address2 [ port-number2 ] ] password password [ src-ip ip-address3 ] [ vpn-instance vpn-instance-name ]

undo group-policy controller

Parameters

Parameter Description Value

ip-address1 [ port-number1 ]

Specifies the IP address of the active controller and the port number for exchanging packets between the active controller and device.

If no port number is configured, the default port number 5222 is used.

ip-address1: The value is in dotted decimal notation.

port-number1: The value is an integer in the range from 1 to 65535.

backup ip-address2 [ port-number2 ]

Specifies the IP address of the standby controller and the port number for exchanging packets between the standby controller and device.

If no port number is configured, the default port number 5222 is used.

ip-address2: The value is in dotted decimal notation.

port-number2: The value is an integer in the range from 1 to 65535.

password password

Specifies the password for connecting the device to controllers.

The password configured on the device must be the same as that configured on controllers.

The password configured on a controller needs to meet the following rules:
  • The length should be between 8 and 32 characters. (The password can be plain text of 8 to 32 characters or cipher text of 48 to 68 characters.)
  • The password must contain at least two types of the following characters: digits, uppercase letters, lowercase letters, and special characters.
  • The password cannot contain more than two consecutive identical characters.
  • The password cannot be the same as the user name or the reverse of the user name.

src-ip ip-address3

Specifies the source IP address that the device uses to communicate with a controller.

If this parameter is not configured, the device selects one of its own IP addresses to communicate with the controller.

The value is in dotted decimal notation.

vpn-instance vpn-instance-name

Specifies the name of a VPN instance to which the specified source IP address belongs.

The value must be the name of an existing VPN instance.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The free mobility function allows a user to obtain the same network access policy regardless of the user's location and IP address used. In addition, user access policies only need to be uniformly deployed and managed on controllers, simplifying network deployment.

After the free mobility function is enabled using the group-policy controller command on an access device, the device can connect to the specified controller. After you deploy network access policies for users on the controller, the controller delivers the policies to devices. The devices can then control users' network access rights.

Precautions

This command cannot be run on a device if a controller delivers services to the device.

Example

# Enable the free mobility function, and set the controller IP address to 10.1.1.11 and the connection password to huawei@123.

<HUAWEI> system-view
[HUAWEI] group-policy controller 10.1.1.11 password huawei@123
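
The four controller password rules listed under the password parameter can be checked before a password is committed to a device or controller. The following Python check is an added example, not Huawei code. The function name, the violation labels, the ASCII punctuation set used for "special characters", and the case-sensitive user name comparison are assumptions; only plain-text passwords are checked.

```python
import string

# Assumption: "special characters" means printable ASCII punctuation.
SPECIALS = set(string.punctuation)


def check_controller_password(password, username=""):
    """Return the labels of the violated rules; an empty list means the password passes."""
    problems = []

    # Rule 1: a plain-text password is 8 to 32 characters long.
    if not 8 <= len(password) <= 32:
        problems.append("length")

    # Rule 2: at least two of digits, uppercase, lowercase, special characters.
    types_present = [
        any(c in string.digits for c in password),
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in SPECIALS for c in password),
    ]
    if sum(types_present) < 2:
        problems.append("char-types")

    # Rule 3: no more than two consecutive identical characters,
    # so any run of three equal characters is a violation.
    if any(a == b == c for a, b, c in zip(password, password[1:], password[2:])):
        problems.append("repeat")

    # Rule 4: not the user name and not the user name reversed.
    # Assumption: the comparison is case-sensitive.
    if username and password in (username, username[::-1]):
        problems.append("username")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs, plus the password from the page's example.
    samples = [("huawei@123", ""), ("abcdefgh", ""), ("aaabbb12", ""),
               ("admin123", "321nimda"), ("Ab1", "")]
    for pw, user in samples:
        print(repr(pw), repr(user), check_controller_password(pw, user) or "ok")
```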
Copyright © Huawei Technologies Co., Ltd.