< Home

user-group (AAA domain view)

Function

The user-group command binds the users in a domain to the authorization information of a user group.

The undo user-group command unbinds the users in a domain from the authorization information of a user group.

By default, no authorization information of a user group is bound to the users in a domain.

This command is supported only in the NAC common mode.

Format

user-group group-name

undo user-group

Parameters

Parameter Description Value
group-name Specifies the name of a user group. The user group name must already exist.

Views

AAA domain view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the user-group command in the AAA domain to bind the users in a domain to the authorization information of a user group.

Precautions

  • The user group to be specified using the local-user user-group command must have been created using the user-group command.

  • A user group cannot be deleted after being referenced to a domain using this command.

  • Huawei proprietary attribute 82 delivered by RADIUS cannot be used together with the function of binding authentication information of a user group to a domain.

  • The priority of the authorization information delivered using this command is lower than that of the authorization information delivered using the portal free-rule rule-id source ip ip-address mask { mask-length | ip-mask } [ mac mac-address ] [ interface interface-type interface-number ] destination user-group group-name command.

Example

# Bind the user group group1 to the domain test.

<HUAWEI> system-view
[HUAWEI] aaa
[HUAWEI-aaa] domain test
[HUAWEI-aaa-domain-test] user-group group1
Parent Topic: AAA Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >