Procedure
Configure a QoS policy.
Use this QoS policy to remark traffic destined for different IP addresses or subnets to different levels. For more information about QoS, see ACL and QoS Configuration Guide.
Configure a user profile, and apply the QoS policy to the user profile.
For more information about user profiles, see "Configuring user profiles."
Authorize the user profile to authenticated users. Choose one of the following tasks:
Configure the RADIUS server (in remote authentication) or the device (in local authentication) to assign the user profile.
After a user passes authentication, the RADIUS server or the device assigns a user profile to the user. For more information about using a remote server to assign a user profile, see related documents about the server. For more information about configuring the device to assign a user profile, see "Configuring attributes for network access users."
Specify the user profile in the authentication domain.
If the RADIUS server or the device does not assign a user profile to a user, the user profile specified for the authentication domain is assigned to the user. For more information about specifying the user profile in an authentication domain, see "Configuring authorization attributes for an ISP domain."
The user profile assigned by a remote server or the device takes precedence over the user profile specified in the authentication domain.
Configure an ITA policy.
Enter system view.
system-view
Create an ITA policy and enter ITA policy view.
ita policy policy-name
Specify accounting methods in the ITA policy.
accounting-method { none | radius-scheme radius-scheme-name [ none ] }
By default, the accounting method is none.
Specify a traffic level for ITA accounting.
accounting-level level { ipv4 | ipv6 }
By default, no traffic levels are specified for ITA accounting.
(Optional.) Enable accounting merge.
accounting-merge enable
By default, accounting merge is disabled.
(Optional.) Configure access control for users that have used up their ITA data quotas.
traffic-quota-out { offline | online }
By default, the users cannot access the authorized IP subnets after they use up their ITA data quotas.
(Optional.) Exclude the amount of ITA traffic from the overall traffic statistics that are sent to the accounting server.
traffic-separate enable
By default, the amount of ITA traffic is included in the overall traffic statistics that are sent to the accounting server.
Specify the ITA policy on the RADIUS server or in the authentication domain on the device.
The ITA policy assigned by a RADIUS server takes precedence over the ITA policy specified in the authentication domain.