Login
- Table of Contents
-
- 14-User Access and Authentication Configuration Guide
- 00-Preface
- 01-AAA configuration
- 02-802.1X configuration
- 03-MAC authentication configuration
- 04-Portal configuration
- 05-Web authentication configuration
- 06-Port security configuration
- 07-Password control configuration
- 08-User profile configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 08-User profile configuration | 55.68 KB |
Configuring user profiles
About user profiles
A user profile defines a set of parameters, such as a QoS policy, for a user or a class of users. A user profile can be reused when a user connected to the network on a different interface.
You can apply a user profile in one of the following methods:
· Control profile for traffic of an online user—After a user passes authentication, the authentication server will apply the name of the user profile bound to the user account to a device. Then, the device will rate-limit traffic of the online user according to the configuration in the user profile. In this case, the user profile is a traffic control profile for an online user.
· Control profile for all traffic on an interface—The network administrator can directly apply a user profile to an interface at the CLI, and the user profile processes all traffic on the interface r according to the configuration in the user profile. In this case, the user profile is a control profile for all traffic on an interface.
The user profile application allows flexible traffic policing on a per-user basis. Each time a user passes authentication, the server sends the device the name of the user profile specified for the user. The device applies the parameters in the user profile to the user.
User profiles are typically used in the following scenarios:
· Resource allocation per user—Interface-based traffic policing limits the total amount of bandwidth available to a group of users. However, user-profile-based traffic policing can limit the amount of bandwidth available to a single user.
· User access control—When a user passes authentication but the account is overdue, only the resources defined by the ACL permit rules in the free rules are accessible for this user.
Prerequisites for user profile
As a control profile for traffic of online users, a user profile works with authentication methods. You must configure authentication for a user profile. For information about supported authentication methods, see the configuration guides for the related authentication modules.
As a control profile for all traffic on an interface, a user profile is not related to online user authentication, and does not need to be work with authentication methods.
Configuring a user profile
1. Enter system view.
system-view
2. Create a user profile and enter user profile view.
user-profile profile-name
3. Configure the user profile. Choose the options to configure as needed:
¡ Apply an existing QoS policy to the user profile.
qos apply policy policy-name { inbound | outbound }
By default, no QoS policy is applied to a user profile.
¡ Configure a CAR policy for the user profile.
qos car { inbound | outbound } any cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ]
qos car { inbound | outbound } any cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ]
By default, no CAR policy is configured for a user profile.
For information about QoS policies and CAR policies, see ACL and QoS Configuration Guide.
Verifying and maintaining user profiles
To display configuration and online user information for the specified user profile or all user profiles, execute the following command in any view.
display user-profile [ name profile-name ] [ slot slot-number ]
