Login
- Table of Contents
-
- 14-Security Configuration Guide
- 00-Preface
- 01-ACL configuration
- 02-Time range configuration
- 03-User profile configuration
- 04-Public key management
- 05-PKI configuration
- 06-IPsec configuration
- 07-SSH configuration
- 08-SSL configuration
- 09-Session management
- 10-ARP attack protection configuration
- 11-ND attack defense configuration
- 12-Password control configuration
- 13-Crypto engine configuration
- 14-Connection limit configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 03-User profile configuration | 59.21 KB |
Configuring user profiles
About user profiles
A user profile defines a set of parameters, such as a QoS policy, for a user or a class of users. A user profile can be reused when a user connected to the network on a different interface.
You can apply a user profile in one of the following methods:
· Control profile for traffic of an online user—After a user passes authentication, the authentication server will apply the name of the user profile bound to the user account to a device. Then, the device will rate-limit traffic of the online user according to the configuration in the user profile. In this case, the user profile is a traffic control profile for an online user.
· Control profile for all traffic on an interface—The network administrator can directly apply a user profile to an interface at the CLI, and the user profile processes all traffic on the interface r according to the configuration in the user profile. In this case, the user profile is a control profile for all traffic on an interface.
The user profile application allows flexible traffic policing on a per-user basis. Each time a user passes authentication, the server sends the device the name of the user profile specified for the user. The device applies the parameters in the user profile to the user.
User profiles are typically used for resource allocation per user. For example, the interface-based traffic policing limits the total amount of bandwidth available to a group of users. However, user-profile-based traffic policing can limit the amount of bandwidth available to a single user.
Prerequisites for user profile
As a control profile for traffic of online users, a user profile works with authentication methods. You must configure authentication for a user profile. For information about supported authentication methods, see the configuration guides for the related authentication modules.
As a control profile for all traffic on an interface, a user profile is not related to online user authentication, and does not need to be work with authentication methods.
Configuring a user profile
1. Enter system view.
system-view
2. Create a user profile and enter user profile view.
user-profile profile-name
3. Configure the user profile. Choose the options to configure as needed:
¡ Configure a CAR policy for the user profile.
qos car { inbound | outbound } any cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ]
qos car { inbound | outbound } any cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ]
By default, no CAR policy is configured for a user profile.
¡ Set the maximum number of user connections.
connection-limit amount amount
By default, the number of user connections is not limited for a user profile.
¡ Set the maximum connection establishment rate.
connection-limit rate rate
By default, the connection establishment rate is not limited for a user profile.
For information about CAR policies, see ACL and QoS Configuration Guide.
For information about connection limits, see "Configuring connection limits."
Display and maintenance commands for user profiles
Execute display commands in any view.
|
Task |
Command |
|
Display configuration and online user information for the specified user profile or all user profiles. |
display user-profile [ name profile-name ] |
