aaa-said diag-rule online-fail-num

Function

The aaa-said diag-rule online-fail-num command sets the user login failure increment within 10 minutes, number of online users reduced, and login success ratio reduced that can trigger fault diagnosis on SAID AAA nodes.

The undo aaa-said diag-rule command restores the default settings.

By default, the fault diagnosis on SAID nodes is triggered when the login failure increment exceeds 10000 within 10 minutes, the number of online users is reduced by 1000, and the login success ratio is reduced by 30%.

This command is supported only on the NetEngine 8000 F1A.

Format

aaa-said diag-rule online-fail-num increase increase-num user-num reduce user-num online-success-ratio below succ-rate

undo aaa-said diag-rule [ online-fail-num increase increase-num user-num reduce user-num online-success-ratio below succ-rate ]

Parameters

Parameter Description Value
user-num

Online-user number.

-
reduce user-num

Specifies the number of online users reduced.

The value is an integer ranging from 1 to 256000. The default value is 1000.
online-success-ratio

Rate of online success.

-
below succ-rate

Specifies the login success ratio reduced, in percentage.

The value is an integer ranging from 1 to 100. The default value is 30.
increase increase-num

Specifies the login failure increment.

The value is an integer ranging from 1 to 256000. The default value is 10000.

Views

AAA view

Default Level

3: Management level

Task Name and Operations

Task Name Operations
aaa write

Usage Guidelines

Usage Scenario

In user access scenarios, SAID nodes can detect and diagnose user login failures.

A SAID node in the diagnosing state compares the login failure quantity, online user quantity, and login success ratio in the current period with those in the previous period, same period in the previous day, and same periods in the previous two days. The SAID node determines whether user access is normal based on the comparison result. By default, the SAID node considers that faults have occurred and enters the recovering state when the login failure increment exceeds 10000, the number of online users is reduced by 1000, and the login success ratio is reduced by 30%.

If those default values do not meet actual needs, run the aaa-said diag-rule online-fail-num command to adjust those parameter values.

Precautions

In VS mode, this command is supported only by the admin VS.

Example

# Set the user login failure increment within 10 minutes, number of online users reduced, and login success ratio reduced that can trigger fault detection on SAID AAA nodes.
<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] aaa-said diag-rule online-fail-num increase 120 user-num reduce 200 online-success-ratio below 10
Parent Topic: AAA and User Management Configuration (Access User)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >