access post-domain auto-login-type

Function

The access post-domain auto-login-type command allows web users to directly log in to the post-authentication domain.

The undo access post-domain auto-login-type command restores the default configuration.

By default, web users cannot directly log in to the post-authentication domain.

This command is supported only on the NetEngine 8000 F1A.

Format

access post-domain auto-login-type { web auth-server { ipaddr | ipv6addr } [ vpn-instance vpnname ] | coa }

undo access post-domain auto-login-type { web auth-server { ipaddr | ipv6addr } [ vpn-instance vpnname ] | coa }

Parameters

Parameter Description Value
web

Directly logs in to the post-authentication domain through request messages sent to the web server.

-
auth-server

Web auth server.

-
ipaddr

Specifies the IP address of the web authentication server.

The value is in dotted decimal notation.
ipv6addr

Specifies the IPv6 address of the web authentication server.

The value is a 32-bit hexadecimal number, in the format of X:X:X:X:X:X:X:X.
vpn-instance vpnname

Specifies the VPN instance name.

The value is a string of 1 to 31 case-sensitive characters, spaces not supported.
coa

Directly logs in to the post-authentication domain through CoA messages.

-

Views

Domain view

Default Level

3: Management level

Task Name and Operations

Task Name Operations
aaa write

Usage Guidelines

Usage Scenario

In a web authentication scenario, by default, regardless of whether the user goes offline proactively or passively (for example, due to quotation exhaustion), the username and password need to be entered for re-authentication next time the user goes online. Run the following command:

  • If the user proactively goes offline, the user needs to enter the username and password for authentication when going online next time. The process is the same as the first login process.
  • If the user goes online passively (for example, due to quota exhaustion), the user does not need to enter the username and password when going online again. Instead, the user can directly logs in to the post-authentication for network access.

Precautions

If the access post-domain auto-login-type command is run in the current domain to log in to the post-authentication domain, the web-auth-server source from packet-destination-ip command cannot be run. If the portal server checks the source IP address of received packets, you are advised to run the web-auth-server source interface GigabitEthernet command.

Example

# Enable the function to allow a user to directly log in to the post-authentication domain and set the login mode to web in the domain.
<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] domain test
[*HUAWEI-aaa-domain-test] commit
[~HUAWEI-aaa-domain-test] access post-domain auto-login-type web auth-server 10.1.1.1
Parent Topic: AAA and User Management Configuration (Access User)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >