Feature Requirements |
Series |
Models |
|---|---|---|
A DAA service can be generated only when a DAA service policy is bound to a domain or delivered using a RADIUS authentication response packet. A DAA service policy can be switched through the RADIUS server. A DAA service cannot be generated using a DAA service policy delivered by the RADIUS server after a user goes online. Therefore, if a DAA service needs to be deployed, a DAA service policy must be bound to a domain or delivered using a RADIUS authentication response packet. |
NetEngine 8000 F |
NetEngine 8000 F1A |
DAA service policy switching restrictions: 1, A DAA service policy in non-uniform accounting mode supports switching for only existing services. The level and number of services do not change before and after switching. 2, Switching is not supported between a DAA service policy in non-uniform accounting mode and a DAA service policy in uniform accounting mode. 3, The IP address types in service policies must be the same before and after switching. Otherwise, services cannot be switched. 4, When a DAA service policy is switched, the accounting scheme in the DAA service policy cannot be switched. |
NetEngine 8000 F |
NetEngine 8000 F1A |
DAA quota delivery restrictions: 1. If both duration and volume quotas are delivered for DAA services, only the duration quota takes effect. Therefore, the duration quota and volume quota need to be delivered separately. 2. After DAA service quotas are exhausted in non-uniform accounting mode, service traffic cannot be forwarded. Services with quota exhaustion cannot be restored by delivering a service policy dynamically, and redirection is not supported. You can configure DAA unified accounting. |
NetEngine 8000 F |
NetEngine 8000 F1A |
DAA rate limit restrictions: 1, When SQ rate limit is used for a DAA service, non-service traffic enters the BE queue. If the DAA service is planned for the BE queue, non-service traffic is controlled by the DAA service's rate limit and is counted into the DAA service. Therefore, do not configure BE queue services when DAA uses SQ rate limiting. 2, Service separation is configured. If CAR rate limit is configured for DAA services and SQ rate limit is configured for users, service separation does not take effect. 3, If QoS resources are insufficient during DAA service policy switching, resources are not switched and services before switching remain unchanged. Service resource insufficiency can be checked. Therefore, you are not advised to switch the DAA template in case of QoS resource insufficiency. 4, SQ rate limit is configured for DAA services. If no rate limit is configured for a user, the user's rate is also limited. |
NetEngine 8000 F |
NetEngine 8000 F1A |
After DAA services are deployed in the web pre-authentication domain, users cannot be switched to the web authentication domain. Plan DAA services in the web authentication domain when both web and DAA services are deployed. |
NetEngine 8000 F |
NetEngine 8000 F1A |
Home users (QoS-profile is configured in the BAS interface view) and users with the same user name (user-max-session is configured in a domain or the portlimit attribute is delivered by the RADIUS server) do not support DAA. After DAA is configured for home users and users with the same user name, home users all apply for QoS resources. That is, home users cannot share the same resource to implement uniform rate limit. |
NetEngine 8000 F |
NetEngine 8000 F1A |
DAA rate limit restrictions: 1, When SQ rate limit is used for a DAA service, non-service traffic enters the BE queue. If the DAA service is planned for the BE queue, non-service traffic is controlled by the DAA service's rate limit and is counted into the DAA service. Therefore, do not configure BE queue services when DAA uses SQ rate limiting. 2, Service separation is configured. If CAR rate limit is configured for DAA services and SQ rate limit is configured for users, service separation does not take effect. 3, If QoS resources are insufficient during DAA service policy switching, resources are not switched and services before switching remain unchanged. Service resource insufficiency can be checked. Therefore, you are not advised to switch the DAA template in case of QoS resource insufficiency. 4, SQ rate limit is configured for DAA services. If no rate limit is configured for a user, the user's rate is also limited. |
NetEngine 8000 F |
NetEngine 8000 F1A |
The user-group (or service-group) resource space is divided into two parts. One part is applied for by configuring user-group (or service-group) using a command, and resources are allocated from front to back. The other part is applied for by the RADIUS server delivering dynamic ACLs or by binding user-group to traffic-policy, and resources are allocated from back to front. The two types of resources are isolated from each other. If the user-group (or service-group) resources applied for by the RADIUS server are released later, resource holes may occur. These resource holes cannot be applied for by user-group configured using a command. As a result, resources are wasted. You are advised to properly plan user-group (or service-group) resources. |
NetEngine 8000 F |
NetEngine 8000 F1A |