H3C Technologies H3C Intelligent Management Center User Manual
Page 1021
1007
5.
A guest user uses the guest account to access the network.
GAM involves the following user roles:
•
IMC operator—An IMC operator is an administrator of the enterprise or organization network. The
network administrator manages the operation of the whole network, and guarantees the network
security.
•
User—Internal user of an enterprise or organization, for example, an employee of an enterprise.
Users use the network resources. For more information about users, see "
•
Guest access operator—Manager of the guest users. A guest access operator is another role of a
user. When a user is specified as a guest access operator, the user can log in to the guest access
self-service system to manage the guest users. For example, a gatekeeper can be specified as a
guest access operator.
•
Guest user—An external user who needs to temporarily access the network of an enterprise or
organization.
To manage the guest users, follow these steps in GAM:
•
Create guest access user groups.
•
Create guest access operators.
•
Create guest accounts.
Creating guest access user groups and creating guest access operators are performed in the guest
access management module. Creating guest accounts is performed in the guest access self-service
system.
The guest user access group function assigns guest accounts in the same format to guest users of the same
type, so that you can identify the guest user information according to the guest account. After a user is
configured as a guest access operator, the guest access operator can log in to the guest access
self-service system and manage the guest accounts.
GAM also provides the log auditing function. GAM logs the operations that a guest access operator
performs in the guest access self-service system, including logging in to/logging out of the guest access
self-service system, creating/deleting guest accounts, and modifying passwords.
A network administrator can use the log auditing function to audit the non-conforming operations of the
guest access operator, and take the corresponding measures to secure the network.
When a guest uses an existing guest account to access the network, the guest must first pass the
authentication of the access device. You must configure an authentication method on the access device.
Portal authentication and 802.1X authentication are available. You must perform the following
configurations on the access device:
•
Enable port security.
•
Configure an authentication method.
•
Create a local user group.
•
Enable port security on the access interface.
•
Specify the default ISP domain.
For how to configure these functions on the access device, see the user guides for the access device.
The following sections detail GAM configurations:
•
Guest access user group
•
Guest access operator