- Table of Contents
-
- 12-Security Configuration Guide
- 00-Preface
- 01-Security zone configuration
- 02-AAA configuration
- 03-802.1X configuration
- 04-MAC authentication configuration
- 05-Portal configuration
- 06-Port security configuration
- 07-User profile configuration
- 08-Password control configuration
- 09-Keychain configuration
- 10-Public key management
- 11-PKI configuration
- 12-IPsec configuration
- 13-Group domain VPN configuration
- 14-SSH configuration
- 15-SSL configuration
- 16-SSL VPN configuration
- 17-ASPF configuration
- 18-APR configuration
- 19-mGRE configuration
- 20-Session management configuration
- 21-Connection limit configuration
- 22-Object group configuration
- 23-Object policy configuration
- 24-Security policy configuration
- 25-Attack detection and prevention configuration
- 26-IP source guard configuration
- 27-ARP attack protection configuration
- 28-ND attack defense configuration
- 29-uRPF configuration
- 30-SAVA configuration
- 31-Crypto engine configuration
- 32-FIPS configuration
- 33-MACsec configuration
- Related Documents
-
Title | Size | Download |
---|---|---|
07-User profile configuration | 55.73 KB |
Configuring user profiles
About user profiles
A user profile defines a set of parameters, such as a QoS policy, for a user or a class of users. A user profile can be reused when a user connected to the network on a different interface.
A user profile can be used in the following ways:
· Per-user traffic control—Each time a user passes authentication, the server sends the name of the user profile specified for the user to the device. The device applies the parameters in the user profile to the user.
· Per-interface traffic control—You apply a user profile to an interface from the CLI to control traffic on the interface.
User profiles are typically used for resource allocation per user. For example, the interface-based traffic policing limits the total amount of bandwidth available to a group of users. However, user-profile-based traffic policing can limit the amount of bandwidth available to a single user.
Prerequisites for user profile
When a user profile is used for per-user traffic control, you must configure authentication for that user profile. For information about supported authentication methods, see the configuration guides for the related authentication modules.
When a user profile is used for per-interface traffic control, you do not need to configure authentication for that user profile.
Configuring a user profile
1. Enter system view.
system-view
2. Create a user profile and enter user profile view.
user-profile profile-name
3. Configure the user profile. Choose the options to configure as needed:
¡ Apply an existing QoS policy to the user profile.
qos apply policy policy-name { inbound | outbound }
By default, no QoS policy is applied to a user profile.
¡ Configure a CAR policy for the user profile.
qos car { inbound | outbound } any cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ]
qos car { inbound | outbound } any cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ]
By default, no CAR policy is configured for a user profile.
¡ Configure GTS for the user profile.
qos gts cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ]
qos gts cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ]
By default, GTS is not configured for a user profile.
Support for these commands depends on the device model.
¡ Configure rate limiting for the user profile.
qos lr outbound { cir committed-information-rate [ cbs commited-burst-size [ ebs excess-burst-size ] ] | peer-advertise-bandwidth }
By default, rate limiting is not configured for the user profile.
Support for these commands depends on the device model.
¡ Apply a PQ list.
qos pq pql pql-index
By default, no PQ list is configured for a user profile.
For information about QoS policies, CAR policies, GTS, rate limiting, and PQ list, see ACL and QoS Configuration Guide.
Display and maintenance commands for user profiles
Execute display commands in any view.
Task |
Command |
Display configuration and online user information for the specified user profile or all user profiles. |
In standalone mode: display user-profile [ session-group ] [ name profile-name ] In IRF mode: display user-profile [ name profile-name ] [ slot slot-number ] |