What are the functions of the domain and global default domain on an S series switch

50

S series switches (except S1700 switches) manage access users based on domains. Each access user belongs to a domain.
The authentication, authorization, and accounting schemes can be bound to domain views. A switch manages the access users in the same domain in the same manner, for example, using the same authentication, authorization, or accounting scheme.
The domain of an access user is decided by the user name the user entered for login, and the switch authenticates the user according to the domain in the user name. If the user name does not contain a domain name, the device adds the user to the global default domain according to the user access type and authenticates the user based on the configuration of the global default domain.
By default, the global administrative domain is default_admin and the global default domain for common access users is default. You can run the domain domain-name [ admin ] command to modify configurations of the global default domains, but you cannot delete the domains.

Other related questions:
What are the functions of domain and global default domain
The device manages access users based on domains. Each access user belongs to a domain. The authentication, authorization, and accounting schemes can be bound to the domain views. The device manages the access users in the same domain in the same manner, for example, the same authentication, authorization, and accounting scheme. The domain of an access user is decided by the user name the user entered in login, and the device authenticates the user according to the domain in the user name. If the user name does not contain a domain name, the device adds the user to the global default domain according to the user access type and authenticates the user based on the configuration of the global default domain. The administrator (logging in through Telnet, SSH, FTP, HTTP, or Terminal) is authenticated in the global default administrative domain. By default, the global administrative domain is default_admin. You can run the domain domain-name admin command in the system view to configure the global default administrative domain. The common users (logging in through MAC, Portal, 802.1x, or PPP authentication) are authenticated in the global default common domain. By default, the global common domain is default. You can run the domain domain-name command in the system view to configure the global default common domain. NOTE: You can modify the configuration of the global default domains by default, but cannot delete the domains.

How to change the default administrative domain on a CE series switch
If an administrator does not enter the domain name when logging in to a switch, the administrator is added to the global default administrative domain. If the system administrator has created a domain (for example, localuser) for user authentication, users must enter their user names with the domain name delimiter and domain name (for example, @localuser). This reduces operation efficiency.
To facilitate operation, the system administrator can run the default-domain admin command to specify the domain name first_domain as the name of the global default administrative domain. Users do not need to enter @localuser for login.
<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] domain localuser
[*HUAWEI-aaa-domain-localuser] quit
[*HUAWEI-aaa] default-domain admin localuser
[*HUAWEI-aaa] commit

Why configure domain IDs for OSPF on S series switches
OSPF domain IDs apply to VPNs. When the domain ID of the remote PE is the same as that of the local PE, Type 1, Type 2, and Type 3 LSAs generate Type 3 LSAs, and Type 5 and Type 7 LSAs generate Type 5 and Type 7 LSAs (related to the area type). When the domain ID of the remote PE is different from that of the local PE, Type 1, Type 2, and Type 3 LSAs generate Type 5 or Type 7 LSAs, and Type 5 and Type 7 LSAs generate Type 5 and Type 7 LSAs (related to the area type). Before advertising the remote routes to CEs, PEs need to determine the type of OSPF routes (Type 3 or Type 5) to be advertised to CEs according to domain IDs. If local domain IDs are the same as or compatible with remote domain IDs in BGP routes, PEs advertise Type 3 routes. If not, PEs advertise Type 5 routes.

What is the default management and authentication domain of the AR router
By default, the global administrative domain (authentication domain of the administrator) on the AR router is default_admin. You can run the domain domain-name admin command in the system view to modify the global default administrative domain.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top