Web-based Configuration Guide

AR650, AR1600, and AR6100 V300R003

This document describes how to configure and maintain your routers using the web platform.
AAA Scheme

Context

Authentication, Authorization, and Accounting (AAA) provides a management mechanism for network security.

AAA provides the following functions:
  • Authentication: determines the users who can access the network. Authentication modes are as follows:
    • Non-authentication: Users are trusted without any check on their validity. This mode is rarely used.

    • Local authentication: Information about users is configured on a network access server (NAS). Local authentication features fast processing and low operation cost, whereas the amount of information that can be stored is limited by the hardware capacity of the device.

    • Remote authentication: Information about users is configured on an authentication server. Remote authentication supports the Remote Authentication Dial In User Service (RADIUS) protocol and the Huawei Terminal Access Controller Access Control System (HWTACACS) protocol.

  • Authorization: authorizes users to use particular services. Authorization modes are as follows:
    • Non-authorization: Users are not authorized.

    • Local authorization: Users are authorized based on related attributes of the local user accounts configured on the NAS.

    • HWTACACS authorization: A HWTACACS server authorizes users.

    • if-authenticated authorization: Users are authorized after they pass authentication in either local or remote authentication mode.

    • RADIUS authorization: Users pass the RADIUS authorization upon passing the RADIUS authentication. RADIUS integrates authentication and authorization. Therefore, RADIUS authorization cannot be performed separately.

  • Accounting: records the use of network resources by users. Accounting modes are as follows:
    • Non-accounting: Users are not charged.

    • Remote accounting: A RADIUS server or a HWTACACS server performs remote accounting.

Procedure

  • Authentication scheme

    • Creating an authentication scheme

    1. Access the AAA Scheme tab page.

      Log in to the web platform and choose Security > AAA > AAA Scheme, as shown in Figure 14-51.

      Figure 14-51  AAA Scheme

    2. Click Create in the Authentication Scheme area, and set parameters in the Create Authentication Scheme dialog box that is displayed, as shown in Figure 14-52. Table 14-24 describes the parameters.

      Figure 14-52  Create Authentication Scheme

      Table 14-24  Authentication scheme parameters

      | Parameter | Description |
      | --- | --- |
      | Authentication scheme name | Name of an authentication scheme. |
      | First authentication mode | The value can be RADIUS authentication, HWTACACS authentication, local authentication, or non-authentication. NOTE: Security risks exist if the configured authentication modes include Non-authentication. You can select which you need from RADIUS, HWTACACS and local authentication. |
      | Second authentication mode | The value can be a mode except the first authentication mode. When the authentication server of the first authentication mode does not respond, the second authentication mode is triggered. When the first authentication mode is non-authentication, the second authentication mode cannot be configured. |
      | Third authentication mode | The value can be a mode except the first and second authentication modes. When the authentication servers of the first and second authentication modes do not respond, the third authentication mode is triggered. When the second authentication mode is non-authentication or not configured, the third authentication mode cannot be configured. |
      | Fourth authentication mode | The parameter must be set to non-authentication. When the authentication servers of the first, second, and third authentication modes do not respond, the fourth authentication mode is triggered. When the third authentication mode is non-authentication or not configured, the fourth authentication mode cannot be configured. |

    3. Click OK.

    • Modifying an authentication scheme

    1. Access the AAA Scheme tab page.

      Log in to the web platform and choose Security > AAA > AAA Scheme.

    2. Select an authentication scheme in the Authentication Scheme area, and click .
    3. In the Modify Authentication Scheme dialog box that is displayed, modify the parameters. The parameter Authentication scheme name cannot be modified. The parameters are the same as those in Figure 14-52.
    4. Click OK.

    • Deleting an authentication scheme

    1. Access the AAA Scheme tab page.

      Log in to the web platform and choose Security > AAA > AAA Scheme.

    2. Select the check box of an authentication scheme in the Authentication Scheme area, and click Delete.
    3. In the dialog box that is displayed, click OK.
  • Authorization scheme

    • Creating an authorization scheme

    1. Access the AAA Scheme tab page.

      Log in to the web platform and choose Security > AAA > AAA Scheme.

    2. Click Create in the Authorization Scheme area, and set parameters in the Create Authorization Scheme dialog box that is displayed, as shown in Figure 14-53. Table 14-25 describes the parameters.

      Figure 14-53  Create Authorization Scheme

      Table 14-25  Authorization scheme parameters

      | Parameter | Description |
      | --- | --- |
      | Authorization scheme name | Name of an authorization scheme. |
      | First authorization mode | The value can be IF-AUTHENTICATED authorization, HWTACACS authorization, local authorization, or non-authorization. |
      | Second authorization mode | The value can be a mode except the first authorization mode. When the authorization server of the first authorization mode does not respond, the second authorization mode is triggered. When the first authorization mode is non-authorization, the second authorization mode cannot be configured. |
      | Third authorization mode | The value can be a mode except the first and second authorization modes. When the authorization servers of the first and second authorization modes do not respond, the third authorization mode is triggered. When the second authorization mode is non-authorization or not configured, the third authorization mode cannot be configured. |
      | Fourth authorization mode | The parameter must be set to non-authorization. When the authorization servers of the first, second, and third authorization modes do not respond, the fourth authorization mode is triggered. When the third authorization mode is non-authorization or not configured, the fourth authorization mode cannot be configured. |

    3. Click OK.

    • Modifying an authorization scheme

    1. Access the AAA Scheme tab page.

      Log in to the web platform and choose Security > AAA > AAA Scheme.

    2. Select an authorization scheme in the Authorization Scheme area, and click .
    3. In the Modify Authorization Scheme dialog box that is displayed, modify the parameters. The parameter Authorization scheme name cannot be modified. The parameters are the same as those in Figure 14-53.
    4. Click OK.

    • Deleting an authorization scheme

    1. Access the AAA Scheme tab page.

      Log in to the web platform and choose Security > AAA > AAA Scheme.

    2. Select the check box of an authorization scheme in the Authorization Scheme area, and click Delete.
    3. In the dialog box that is displayed, click OK.
  • Accounting scheme

    • Creating an accounting scheme

    1. Access the AAA Scheme tab page.

      Log in to the web platform and choose Security > AAA > AAA Scheme.

    2. Click Create in the Accounting Scheme area, and set parameters in the Create Accounting Scheme dialog box that is displayed, as shown in Figure 14-54. Table 14-26 describes the parameters.

      Figure 14-54  Create Accounting Scheme

      Table 14-26  Accounting scheme parameters

      | Parameter | Description |
      | --- | --- |
      | Accounting scheme name | Name of an accounting scheme. |
      | Accounting mode | The value can be RADIUS accounting, HWTACACS accounting, or non-accounting. |

    3. Click OK.

    • Modifying an accounting scheme

    1. Access the AAA Scheme tab page.

      Log in to the web platform and choose Security > AAA > AAA Scheme.

    2. Select an accounting scheme in the Accounting Scheme area, and click .
    3. In the Modify Accounting Scheme dialog box that is displayed, modify the parameters. The parameter Accounting scheme name cannot be modified. The parameters are the same as those in Figure 14-54.
    4. Click OK.

    • Deleting an accounting scheme

    1. Access the AAA Scheme tab page.

      Log in to the web platform and choose Security > AAA > AAA Scheme.

    2. Select the check box of an accounting scheme in the Accounting Scheme area, and click Delete.
    3. In the dialog box that is displayed, click OK.
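
The mode-order rules in Table 14-24 and Table 14-25, together with the fallback that is triggered when a server does not respond, can be checked offline before a scheme is entered in the dialog box. The Python below is an added example, not Huawei code or part of the original guide; the mode identifiers ("radius", "none", and so on) and the function names are constructed for illustration.

```python
# Added example: audits an ordered mode chain (first..fourth) against the
# rules in Tables 14-24 / 14-25. Mode identifiers are constructed labels.
NONE = "none"  # stands for non-authentication / non-authorization
AUTHN_MODES = ("radius", "hwtacacs", "local", NONE)
AUTHZ_MODES = ("if-authenticated", "hwtacacs", "local", NONE)


def audit_chain(modes, allowed=AUTHN_MODES):
    """Return a list of findings for an ordered mode chain."""
    findings = []
    if not 1 <= len(modes) <= 4:
        findings.append("error: a scheme has one to four modes")
    for pos, mode in enumerate(modes, start=1):
        if mode not in allowed:
            findings.append(f"error: mode {pos} '{mode}' is not a valid value")
        if mode in modes[:pos - 1]:
            findings.append(f"error: mode {pos} repeats an earlier mode")
        if pos > 1 and modes[pos - 2] == NONE:
            findings.append(f"error: mode {pos} cannot follow '{NONE}'")
        if pos == 4 and mode != NONE:
            findings.append(f"error: fourth mode must be '{NONE}'")
    if NONE in modes:
        # The NOTE in Table 14-24: a chain containing non-authentication
        # admits users without any check once that mode is reached.
        findings.append(f"risk: chain includes '{NONE}'")
    return findings


def deciding_mode(modes, unresponsive=frozenset()):
    """Return the mode that handles a request.

    The next mode is tried only when the current one does not respond;
    None means no configured mode responded, so the request is not served.
    """
    for mode in modes:
        if mode in unresponsive:
            continue  # no response from this mode: fall back to the next
        return mode
    return None


if __name__ == "__main__":
    chain = ["radius", "hwtacacs", "local", NONE]
    print(audit_chain(chain))
    # Both remote servers down: the local user database decides.
    print(deciding_mode(chain, {"radius", "hwtacacs"}))
    # A two-mode chain ending in non-authentication fails open.
    print(deciding_mode(["radius", NONE], {"radius"}))
```

A chain such as radius followed by none passes the ordering rules but is reported as a risk, because an unreachable RADIUS server is enough for the non-authentication mode to decide the login.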
Updated: 2019-04-12

Document ID: EDOC1100041803
