No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 V800R010C10SPC500 Feature Description - System Management 01

This is ME60 V800R010C10SPC500 Feature Description - System Management
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
SNMP Support for AAA Users

SNMP Support for AAA Users

Background

AAA is an authentication, authorization, and accounting technique. AAA local users can be configured to log in to a device through FTP, Telnet, or SSH. However, SNMPv3 supports only SNMP users, which can be an inconvenience in unified network device management.

To resolve this issue, configure SNMP to support AAA users. AAA users can then access the NMS, and MIB node operation authorization can be performed based on tasks. The NMS does not distinguish AAA users and SNMP users.

Figure 7-10 shows the process of an AAA user logging in to the NMS through SNMP.

Figure 7-10 Process of an AAA user logging in to the NMS through SNMP

Principles

Figure 7-11 shows the principles of SNMP's support for AAA users.

  1. Create a local AAA user.

    If the AAA user needs to log in through SNMP, the user name must have less than 32 characters.

  2. Configure the AAA user to log in through SNMP.

  3. SNMP synchronizes the AAA user data and updates the SNMP user list. Configure a mode to authenticate the AAA user and a mode to encrypt the AAA user's data.

    The AAA user's authentication and encryption modes are SNMP. An authentication password is not used.

After the preceding operations are performed, the AAA user can log in to the NMS in the same way as an SNMP user.

Figure 7-11 Principles of SNMP's support for AAA users
NOTE:

To improve system security, it is recommended to configure different authentication and encryption passwords for an SNMP local user.

Task-based MIB Node Operation Authorization

AAA allows you to perform the following operations:

  • Configure users, user groups, tasks, and task groups.
  • Add a user to a user group and associate a user group with a task group.
  • Configure multiple tasks in a task group.

You can configure the read, write, and execute permissions for a specific task to control MIB node operations that an AAA user is allowed to perform. As shown in Figure 7-12:

  • MIB nodes 1 and 2 are added to task 1.
  • Task group 1 is associated with user group 1.
  • User 1 is added to user group 1

If the read permission is assigned in task 1, user 1 is allowed to read MIB nodes 1 and 2.

Figure 7-12 Task-based MIB node operation authorization
Translation
Download
Updated: 2019-01-04

Document ID: EDOC1100059466

Views: 10539

Downloads: 7

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next