deny-domain-list
Function
The deny-domain-list command specifies a list of domains in which users are not allowed to access the BAS interface.
The undo deny-domain-list command cancels the previous configuration.
By default, all domains are allowed to access.
This command is supported only on the NetEngine 8000 F1A.
Usage Guidelines
Usage Scenario
To prevent users in certain domains from accessing the BAS interface, you need to run the deny-domain-list command.
Prerequisites
The access-type command has been run to set the access type to layer2-subscriber.
Configuration Impact
If the deny-domain-list command is run on the BAS interface, users in the domains specified by this command are not allowed to access the BAS interface, but users of other domains are allowed to access the BAS interface. If the deny-domain-list command is not run, all domain users can access the BAS interface.
Precautions
This command is supported only on the admin VS.
The deny-domain-list command cannot be configured together with the permit-domain-list, permit-domain, or deny-domain command on the BAS interface.Example
<HUAWEI> system-view [~HUAWEI] aaa [~HUAWEI-aaa] domain-list domlist1 [~HUAWEI-aaa-domainlist-domlist1] commit [~HUAWEI-aaa-domainlist-domlist1] quit [~HUAWEI-aaa] quit [~HUAWEI] interface GigabitEthernet 0/1/1 [~HUAWEI-GigabitEthernet0/1/1] commit [~HUAWEI-GigabitEthernet0/1/1] bas [~HUAWEI-GigabitEthernet0/1/1-bas] access-type layer2-subscriber [*HUAWEI-GigabitEthernet0/1/1-bas] commit [~HUAWEI-GigabitEthernet0/1/1-bas] deny-domain-list domlist1