No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
authentication-mode (authentication scheme view)

authentication-mode (authentication scheme view)


The authentication-mode command configures an authentication mode for an authentication scheme.

The undo authentication-mode command restores the default authentication mode in an authentication scheme.

By default, local authentication is used. The names of local users are case-insensitive.


authentication-mode { ad | hwtacacs | ldap | [ local | local-case ] | radius } * [ none ]

authentication-mode none

undo authentication-mode


Parameter Description Value
ad Authenticates users using an AD server. To perform AD authentication, configure an AD authentication server in an AD server template. -
hwtacacs Authenticates users using an HWTACACS server. To perform HWTACACS authentication, configure an HWTACACS authentication server in an HWTACACS server template. -
ldap Authenticates users using an LDAP server. To perform LDAP authentication, configure an LDAP authentication server in an LDAP server template. -
local Authenticates users locally and sets local user names to case-insensitive. -
local-case Authenticates users locally and sets local user names to case-sensitive. -
radius Authenticates users using a RADIUS server. To perform RADIUS authentication, configure a RADIUS authentication server in a RADIUS server template. -
none Indicates non-authentication. That is, users access the network without being authenticated. -


Authentication scheme view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To authenticate users, configure an authentication mode in an authentication scheme.

If multiple authentication modes are configured in an authentication scheme, the authentication modes are used according to the sequence in which they were configured.

  • In the sequence of local authentication followed by remote authentication:

    If a login account is not created locally but exists on the remote server, the authentication mode is changed from local authentication to remote authentication.

    If a login account is created locally and on the remote server, and local authentication fails because the password is incorrect, remote authentication will not be performed.

  • In the sequence of remote authentication followed by local authentication:

    If a login account is created locally but not on the remote server, remote authentication fails and local authentication will not be performed.

    A user is authenticated using the local authentication mode only when the remote server is Down or does not respond to the user's authentication request.

You can configure multiple authentication modes in an authentication scheme to reduce authentication failure possibilities.
  • After the authentication-mode radius local command is used, the device cannot complete RADIUS authentication if it fails to connect to the RADIUS authentication server. In this case, the device starts local authentication.

  • After the authentication-mode local radius command is used, if the entered user name exists on the device but the entered password is incorrect, the user fails the authentication; if the entered user name does not exist on the device, the user is redirected to the RADIUS authentication mode and is authenticated based on user information on the RADIUS server.

  • When both RADIUS authentication and non-authentication are configured, if the user fails the RADIUS authentication, non-authentication cannot be used. As a result, a user fails to log in.
  • If you run the authentication-mode command to configure non-authentication and run the authentication-mode (user interface view) command to configure AAA authentication, the device does not allow administrators to log in from the user interface view.


If non-authentication is configured using the authentication-mode command, users can pass the authentication using any user name or password. Therefore, to protect the device and improve network security, you are advised to enable authentication, allowing only authenticated users to access the device or network.


# Configure the authentication scheme named scheme1 to use RADIUS authentication.

<Huawei> system-view
[Huawei] aaa
[Huawei-aaa] authentication-scheme scheme1
[Huawei-aaa-authen-scheme1] authentication-mode radius
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 202274

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next