FAQ:S12700 如何在已经设定了tacas进行登陆认证的情况下使用本地登陆认证?

发布时间:  2016-07-28 浏览次数:  77 下载次数:  0
问题描述
S12700 如何在已经设定了tacas进行登陆认证的情况下使用本地登陆认证?
解决方案
1、当tacacs和local在相同的域时,配置authentication-mode有tacas和local先后顺序,当tacas服务器不可达才会启用本地认证

2、tacacslocal在不同的域时,可以实现,配置方式如下:

 

[Huawei-aaa]authentication-scheme 123                                                                                                              

[Huawei-aaa-authen-123]authentication-mode local 

[Huawei-aaa-authen-123]quit

[Huawei-aaa]accounting-scheme 123                                                                                                                       

[Huawei-aaa-accounting-123]accounting-mode none                                

[Huawei-aaa-accounting-123]quit                                                                                                                                                            

[Huawei-aaa]domain 123                                                                                                           

[Huawei-aaa-domain-123]authentication-scheme 123 

[Huawei-aaa-domain-123]accounting-scheme 123                                                                                                                                                                                     

[Huawei-aaa-domain-123]quit                                                                                      

[Huawei-aaa]local-user huawei@123 password cipher huawei@123                   //配置账户名的时候必须要@域名                                                                                            

[Huawei-aaa]local-user huawei@123 service-type telnet                                                                                                                               

[Huawei-aaa]local-user huawei@123 privilege level  15   

   

END