What is the default management and authentication domain of the AR router

15

By default, the global administrative domain (authentication domain of the administrator) on the AR router is default_admin.
You can run the domain domain-name admin command in the system view to modify the global default administrative domain.

Other related questions:
What are the functions of domain and global default domain
The device manages access users based on domains. Each access user belongs to a domain. The authentication, authorization, and accounting schemes can be bound to the domain views. The device manages the access users in the same domain in the same manner, for example, the same authentication, authorization, and accounting scheme. The domain of an access user is decided by the user name the user entered in login, and the device authenticates the user according to the domain in the user name. If the user name does not contain a domain name, the device adds the user to the global default domain according to the user access type and authenticates the user based on the configuration of the global default domain. The administrator (logging in through Telnet, SSH, FTP, HTTP, or Terminal) is authenticated in the global default administrative domain. By default, the global administrative domain is default_admin. You can run the domain domain-name admin command in the system view to configure the global default administrative domain. The common users (logging in through MAC, Portal, 802.1x, or PPP authentication) are authenticated in the global default common domain. By default, the global common domain is default. You can run the domain domain-name command in the system view to configure the global default common domain. NOTE: You can modify the configuration of the global default domains by default, but cannot delete the domains.

Which domain is preferentially used to authenticate users when MAC address authentication is used on the AR router
The following domains used in MAC authentication mode are listed in descending order of priority on the AR router: 1. Domain corresponding to the MAC address that is configured by the mac-authen domain mac-address command in the system view 2. Domain configured by the mac-authen domain command in the interface view 3. Domain configured by the mac-authen domain command in the system view 4. Default domain in the system view

On which interface is the default management IP address of an AR router configured
From specified versions on, the router is configured with a management IP address in factory setting and the web NMS is enabled.

Configure session table aging time of the firewall on an AR router
Background information A router creates session tables for data flows that pass the firewall over TCP, UDP, or ICMP. The session tables record connection status of the protocols. If packets do not hit a record within the aging time (the aging time expires), corresponding session entry is deleted. To modify the aging time of a protocol, configure the session table aging time of the firewall. Operation procedure Run the system-view command to access the system view. Run the firewall-nat session { dns | ftp | ftp-data | http | icmp | tcp | tcp-proxy | udp | sip | sip-media | rtsp | rtsp-media | pptp | pptp-data } aging-time time-value command to configure the session table aging time of the firewall. By default, the aging time of different protocols is as follows: DNS (120s), FTP (120s), FTP-data (120s), HTTP (120s), ICMP (20s), TCP (600s), TCP-proxy (10s), UDP (120s), SIP (1800s), SIP-media (120s), RTSP (60s), RTSP-media (120s), PPTP (600s), and PPTP-data (600s). You are advised to use the default aging time. Check the configuration result. Run the display firewall-nat session aging-time command to check information about the session table aging time. Note: The AR510 series routers do not support the keywords SIP and SIP-media.

How is an authentication scheme bound to an AAA domain on an AR
Before configuring an authentication scheme for a domain on an AR, create an authentication scheme and set parameters in the authentication scheme. The configuration is as follows: 1. Create an authentication scheme scheme1 in the AAA view. [Huawei] aaa [Huawei-aaa] authentication-scheme scheme1 [Huawei-aaa-authen-scheme1] quit 2. Create an AAA domain isp1 and bind the authentication scheme scheme1 to the AAA domain. [Huawei-aaa] domain isp1 [Huawei-aaa-domain-isp1] authentication-scheme scheme1 [Huawei-aaa-domain-isp1] quit

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top