No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R011C10 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, DAA, NAC, PPPoE, Policy Association, and IP session.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring AAA Schemes

Configuring AAA Schemes

Context

To use local authentication and authorization, set the authentication mode in an authentication scheme to local authentication and the authorization mode in an authorization scheme to local authorization.

By default, the device performs local authentication and authorization for access users.

NOTE:

If non-authentication is configured using the authentication-mode command, users can pass the authentication using any user name or password. To protect the device and improve network security, you are advised to enable authentication to allow only authenticated users to access the device or network.

Procedure

  • Configure an authentication scheme.
    1. Run system-view

      The system view is displayed.

    2. Run aaa

      The AAA view is displayed.

    3. Run authentication-scheme authentication-scheme-name

      An authentication scheme is created and the authentication scheme view is displayed, or an existing authentication scheme view is displayed.

      Two default authentication schemes named default and radius are available on the device. These two authentication schemes can be modified but not deleted.

    4. Run authentication-mode local

      The authentication mode is set to local.

      By default, local authentication is used.

    5. Run quit

      The AAA view is displayed.

    6. (Optional) Run domainname-parse-direction { left-to-right | right-to-left }

      The direction in which the domain name is parsed is specified.

      By default, a domain name is parsed from left to right.

    7. Run quit

      The system view is displayed.

    8. (Optional) Run aaa-authen-bypass enable time time-value

      The bypass authentication duration is set.

      By default, the bypass authentication function is disabled.

  • Configure an authorization scheme.
    1. Run system-view

      The system view is displayed.

    2. Run aaa

      The AAA view is displayed.

    3. Run authorization-scheme authorization-scheme-name

      An authorization scheme is created and the authorization scheme view is displayed, or an existing authorization scheme view is displayed.

      A default authorization scheme named default is available on the device. This authorization scheme can be modified but not deleted.

    4. Run authorization-mode local [ none ]

      The authorization mode is set.

      By default, local authorization is used.

    5. Run quit

      The AAA view is displayed.

    6. (Optional) Run authorization-modify mode { modify | overlay }

      The update mode of user authorization information delivered by the authorization server is set.

      The default mode is overlay.

    7. Run quit

      The system view is displayed.

    8. (Optional) Run aaa-author-bypass enable time time-value

      The bypass authorization duration is set.

      By default, the bypass authorization function is disabled.

Translation
Download
Updated: 2019-10-21

Document ID: EDOC1000178117

Views: 118785

Downloads: 55

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next