No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Web-based Typical Configuration Examples

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600

This document provides examples for configuring AR router features in typical usage scenarios.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring HWTACACS Authentication

Example for Configuring HWTACACS Authentication

Applicability

This example applies to all AR models of V200R003C00 and later versions.

Networking Requirements

As shown in Figure 9-13, the customer requirements are as follows:
  • The HWTACACS server will authenticate access users for Router.
  • The HWTACACS server at 10.7.66.66/24 functions as the primary authentication. The HWTACACS server at 10.7.66.67/24 functions as the secondary authentication. The default authentication port is 49.
Figure 9-13  Networking diagram of HWTACACS authentication

Procedure

  1. Creating an authentication scheme.
    1. As shown in Figure 9-14, choose Security > AAA > AAA Scheme to open the AAA Scheme page.

      Figure 9-14  AAA Scheme

    2. Click Create in the Authentication Scheme area to configure the authentication scheme, as show in Figure 9-15.

      Figure 9-15  Create Authentication Scheme

    3. Click OK to complete the configuration.
  2. Create a HWTACACS server template and the authentication/accounting server.
    1. As shown in Figure 9-16, choose Security > AAA > HWTACACS Setting to open the HWTACACS Setting page.

      Figure 9-16  HWTACACS Setting

    2. Click Enable in the Global Setting area and click Apply. The configuration result is displayed as Figure 9-17.

      Figure 9-17  HWTACACS Global Setting

    3. Click Create in the HWTACACS Server Template area to configure the HWTACACS server template, as shown in Figure 9-18.

      Figure 9-18  HWTACACS Server Template

    4. Click OK to complete the configuration.
    5. Click Create in the Authentication/Authorization/Accounting Server area to configure the authentication/authorization/accounting server, as shown in Figure 9-19.

      Figure 9-19  Authentication/Authorization/Accounting Server

    6. Click OK to complete the configuration.
  3. Configure the domain huawei and apply the authentication scheme and HWTACACS template to the domain huawei.
    1. As shown in Figure 9-20, choose Security > AAA > Domain Setting to open the Domain Setting page.

      Figure 9-20  Domain Setting

    2. Click Create in the Domain List area to configure the domain information, as shown in Figure 9-21.

      Figure 9-21  Create Domain

    3. Click OK to complete the configuration.
  4. Verify the Configuration.

    # On the AAA Scheme page, information about the authentication scheme hwtacacsauthen is displayed in the Authentication Scheme area, as shown in Figure 9-22.

    Figure 9-22  Authentication Scheme

    # On the HWTACACS Setting page, information about the HWTACACS server template hwtacacstemp is displayed in the HWTACACS Server Template area, as shown in Figure 9-23.

    Figure 9-23  HWTACACS Server Template

    # On the HWTACACS Setting page, information about the authentication/authorization/accounting server hwtacacstemp is displayed in the Authentication/Authorization/Accounting Server area, as shown in Figure 9-24.

    Figure 9-24  Authentication/Authorization/Accounting Server

    # On the Domain Setting page, information about the domain huawei is displayed in the Domain List area, as shown in Figure 9-25.

    Figure 9-25  Domain Setting

Configuration Notes

  • Perform the configurations in the previously described sequence; otherwise, the customized template will be unavailable when you set a scheme.
  • The router and the HWTACACS server must use the same shared key.

Translation
Download
Updated: 2019-05-20

Document ID: EDOC1000079722

Views: 51169

Downloads: 7461

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next