Configuring a Username Generation Mode and Password

The NetEngine 8000 F supports the configuration of username generation modes and passwords. With the help of this function, no username or password needs to be entered for access users, such as binding users who attempt to get online through BAS interfaces.

Procedure

Configure a username generation mode.
1. Run system-view
  The system view is displayed.
2. Run aaa
  The AAA view is displayed.
3. Run either of the following commands:
  - To configure the router to generate an IPoE or PPPoE username based on information carried in the user access request packets, run the default-user-name [ template template-name ] include { sysname [ separator ] | gateway-address separator [ username-seperator ] | ip-address separator [ username-seperator ] | ipv6-address { compressed | preferred seperator } [ username-seperator ] | delegation-prefix [ username-seperator ] | mac-address { separator | noseparator } [ username-seperator ] | { option82 [ username-seperator | { sub-option sub-option-code [ offset offset ] parse-mode { auto-identify [ length ] | string [ length ] | binary length | hex [ length ] { class1 | class2 | class3 } } [ username-seperator ] } &<1-4> ] | access-line-id [ separator | { circuit-id [ offset offset ] parse-mode { auto-identify [ offset ] | string [ length ] | binary length | hex [ length ] { class1 | class2 | class3 } } username-seperator | remote-id [ offset offset ] parse-mode { auto-identify [ offset ] | string [ length ] | binary length | hex [ length ] { class1 | class2 | class3 } } [ username-seperator ] } * ] } | { option60 | vendor-class } [ cn | [ offset offset2 ] { length length2 | sub-option suboption-id2 [ sub-offset offset2 ] [ sub-length length2 ] } ] [ username-seperator ] | { option61 | client-id } [ username-seperator ] | option12 [ username-seperator ] | pevlan [ username-seperator ] | cevlan [ username-seperator ] | slot [ username-seperator ] | port [ username-seperator ] | subslot [ username-seperator ] } * command.
  - To configure the router to generate an IPoE username in a specific format, run any of the following commands:
    - vlanpvc-to-username { standard | turkey | version10 | version20 }
    - vlanpvc-to-username standard trust { pevlan | cevlan } [ ignore-rid ]
    - vlanpvc-to-username standard ignore-rid
4. (Optional) Run domain domain-name
  The AAA domain view is displayed.
5. (Optional) Run radius-server domain-annex { left | right } annex-string
  A string is added to the left or right of the domain name in the username carried in an authentication request packet or in an accounting request packet sent from a BRAS to a RADIUS server.
6. Run commit
  The configuration is committed.
Configuring password.
1. Run system-view
  The system view is displayed.
2. Run aaa
  The AAA view is displayed.
3. Run default-password [ template template-name ] { cipher cipher-password | simple simple-password | { option60 | vendor-class } [ cn | [ offset offset ] { length length | sub-option sub-option-code [ sub-offset sub-offset ] [ sub-length sub-length ] } ] [ md5-encryt ] [ support hex ] | { option77 | user-class } }
  A password or password template is set for the IPoE user.
  
  The differences between the cipher and simple keywords are as follows:
  - If cipher is specified, you can enter an encrypted password. If simple is specified, you can enter only the original (non-encrypted) password.
  - The cipher parameter supports longer passwords because encrypted passwords are longer than non-encrypted ones.
  For security purposes, use an eight-character or longer password that contains at least two types of the following: uppercase letters, lowercase letters, digits, and special characters. Do not use the default password, and you are advised to configure your password in ciphertext mode and change it periodically.
4. Run commit
  The configuration is committed.