permit-domain
Function
The permit-domain command specifies a domain whose users are allowed to access a BAS interface.
The undo permit-domain command deletes a domain whose users are allowed to access a BAS interface.
By default, users in all domains are allowed to access a BAS interface.
This command is supported only on the NetEngine 8000 F1A.
Usage Guidelines
Usage Scenario
If no domain is specified for a BAS interface, users in all domains are allowed to access the BAS interface. If a domain is specified for a BAS interface, only users in this domain are allowed to access the BAS interface.
Before running this command, set the access type of the user to layer2 subscriber using the access-type command.Precautions
This command is supported only on the admin VS.
After you run the permit-domain command to specify a domain for a BAS interface, only the users in the specified domain can go online through the BAS interface. The users from other domains, including the default-domain, cannot go online through the BAS interface. When you run this command, exercise caution to prevent unintended login failures of other users. The permit-domain command cannot be configured together with the deny-domain-list, deny-domain, or permit-domain-list command on one BAS interface.Example
# Specify domains named dom1 and dom2 for the BAS interface GE 0/1/1 so that users in dom1 and dom2 can access GE 0/1/1.
<HUAWEI> system-view [~HUAWEI] aaa [~HUAWEI-aaa] domain dom1 [*HUAWEI-aaa-dom1] domain dom2 [*HUAWEI-aaa-dom2] commit [~HUAWEI-aaa-dom2] quit [~HUAWEI-aaa] quit [~HUAWEI] interface GigabitEthernet 0/1/1 [~HUAWEI-GigabitEthernet0/1/1] bas [~HUAWEI-GigabitEthernet0/1/1-bas] access-type layer2-subscriber [*HUAWEI-GigabitEthernet0/1/1-bas] commit [~HUAWEI-GigabitEthernet0/1/1-bas] permit-domain dom1 dom2