The ucl-group domain command configures a domain name in a static UCL group.
The undo ucl-group domain command deletes a domain name from a static UCL group.
By default, no domain name is configured in a static UCL group.
Only the S5720-HI, S5730-HI, S5731-H, S5731S-H, S6720-HI, S5732-H, S6730-H, S6730S-H, and S6730S-HI support domain names in static UCL groups.
ucl-group domain domain-name domain-name { group-index | name group-name }
undo ucl-group domain { domain-name domain-name | group-index | name group-name | all }
Parameter | Description | Value |
---|---|---|
domain-name domain-name | Specifies a domain name in a static UCL group. | The value is a string of 3 to 255 case-sensitive characters that can contain letters, digits, and special characters (_ . - *), but not spaces. A maximum of one asterisk (*) is supported. If a domain name contains an asterisk (*) at the beginning, the second character must be a period (.). If a domain name contains an asterisk (*) at the end, the second-to-last character must be a period (.). |
group-index | Specifies the index of a static UCL group. | The value is an integer in the range from 1 to 64000 for the S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, S6720-HI, and S5720-HI, and from 1 to 48 for the S5720-EI, S6720-EI, and S6720S-EI. |
name group-name | Specifies the name of a static UCL group. | The value must be an existing UCL group name on the device. |
all | Specifies all static UCL groups. | - |
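The value rules for domain-name and group-index can be checked before a configuration is pushed to a device. The following Python linter is an added example, not Huawei code: the function names, the model subset in GROUP_INDEX_MAX and the sample entries are constructed for illustration. It accepts an asterisk in the middle of a name, an assumption made because the page only constrains asterisks at the beginning and end.

```python
import re

# Characters the page allows in a domain-name value: letters, digits, _ . - *
_ALLOWED = re.compile(r"[A-Za-z0-9_.\-*]+")
# Example subset of the page's model data: models that support domain names in
# static UCL groups, mapped to the largest group-index listed for them.
GROUP_INDEX_MAX = {"S5720-HI": 64000, "S5731-H": 64000, "S6730-H": 64000}

def check_domain_name(value):
    """Return a list of rule violations for a ucl-group domain-name value."""
    problems = []
    if not 3 <= len(value) <= 255:
        problems.append("length must be 3 to 255 characters")
    if not _ALLOWED.fullmatch(value):
        problems.append("only letters, digits and _ . - * are allowed (no spaces)")
    if value.count("*") > 1:
        problems.append("at most one asterisk is supported")
    if value.startswith("*") and value[1:2] != ".":
        problems.append("leading asterisk must be followed by a period")
    if value.endswith("*") and value[-2:-1] != ".":
        problems.append("trailing asterisk must be preceded by a period")
    return problems

def check_group_index(model, index):
    """Return a list of violations for a group-index on the given model."""
    limit = GROUP_INDEX_MAX.get(model)
    if limit is None:
        return ["model %s is not in this example's table" % model]
    if not 1 <= index <= limit:
        return ["group-index must be 1 to %d on %s" % (limit, model)]
    return []

def lint(model, entries):
    """Check (domain-name, group-index) pairs; return {entry: [problems]} for bad ones."""
    report = {}
    for domain, index in entries:
        problems = check_domain_name(domain) + check_group_index(model, index)
        if problems:
            report[(domain, index)] = problems
    return report

if __name__ == "__main__":
    # Constructed sample entries, not taken from any real device configuration.
    sample = [("www.example.com", 10), ("*.example.com", 10), ("*example.com", 10),
              ("mail.*", 11), ("a b.example.com", 12), ("*.example.*", 13),
              ("files.example.com", 64001)]
    for entry, problems in lint("S5731-H", sample).items():
        print(entry, "->", "; ".join(problems))
```

Wildcard entries deserve a second look in review, because every address resolved for a matching name is placed in the UCL group.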
Usage Scenario
In an enterprise network, a server that provides resources has a fixed domain name. The administrator can identify this server using a UCL group and associate the server domain name with the UCL group to form a static UCL group.
After a domain name of a resource server is configured in a static UCL group, the server IP addresses can be obtained based on this domain name and the user access policies can be managed based on the static UCL group, simplifying network deployment.
Prerequisites
A UCL group has been created using the ucl-group command.
Follow-up Procedure
Run the dns snooping enable command to enable DNS snooping.
Precautions
In the ubiquitous service solution, this command does not need to be run on the device. It is configured on the controller and delivered to the device.
If the IP address obtained based on a domain name conflicts with the IP address configured using the ucl-group ip command, the configured IP address takes effect.
Currently, only IPv4 addresses can be obtained based on domain names.
In policy association and SVF scenarios, access devices do not support this command.
UCL groups do not support IP address overlapping. The device cannot allocate users or resources with the same IP addresses in different VPNs to different UCL groups, and can only allocate these users or resources to the same UCL group.