- Table of Contents
-
- 14-Security Configuration Guide
- 00-Preface
- 01-ACL configuration
- 02-Time range configuration
- 03-User profile configuration
- 04-Public key management
- 05-PKI configuration
- 06-IPsec configuration
- 07-SSH configuration
- 08-SSL configuration
- 09-Session management
- 10-Attack detection and prevention configuration
- 11-ARP attack protection configuration
- 12-ND attack defense configuration
- 13-Crypto engine configuration
- 14-Connection limit configuration
- 15-Password control configuration
- Related Documents
-
Title | Size | Download |
---|---|---|
03-User profile configuration | 48.54 KB |
1 Configuring user profiles
About user profiles
A user profile defines a set of parameters, such as a QoS policy, for a user or a class of users. A user profile can be reused when a user connected to the network on a different interface.
The user profile application allows flexible traffic policing on a per-user basis. Each time a user passes authentication, the server sends the device the name of the user profile specified for the user. The device applies the parameters in the user profile to the user.
The device works with an authentication server to perform user authentication.
· In remote authentication, specify the user profile associated with the user on the authentication server.
· In local authentication, specify the user profile associated with the user in the local user view on the device. For information about local users, see AAA in User Access and Authentication Configuration Guide.
A user is subject to the associated user profile after it comes online. A user profile limits the access behaviors of online users. The configuration of a user profile is not in effect if the user is not online.
You can use user profiles for the following purposes:
· Allocate system resource per user—The interface-based traffic policing limits the total amount of bandwidth available to a group of users. However, user-profile-based traffic policing can limit the amount of bandwidth available to a single user.
· Flexibly limit access to system resources—For interface-based traffic policing, if the user comes online on a different interface, you must remove the traffic policing configuration and reconfigure traffic policing on the new interface. For user-profile-based traffic policing, the traffic policing configuration is automatically issued to the user when the user comes online. When the user goes offline, the traffic policing configuration is automatically removed.
Prerequisites for user profile
A user profile works with authentication methods. You must configure authentication for a user profile. For information about supported authentication methods, see the configuration guides for the related authentication modules.
Configuring a user profile
1. Enter system view.
system-view
2. Create a user profile and enter user profile view.
user-profile profile-name
Display and maintenance commands for user profiles
Execute display commands in any view.
Task |
Command |
Display configuration and online user information for the specified user profile or all user profiles. |
display user-profile [ session-group ] [ name profile-name ] |