No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


S600-E V200R013C00 Configuration Guide - User Access and Authentication

This document describes the configurations of User Access and Authentication Configuration, including AAA, NAC, and Policy Association.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Licensing Requirements and Limitations for AAA

Licensing Requirements and Limitations for AAA

Involved Network Elements

Table 1-29  Components involved in AAA networking


Product Model


AAA server

Huawei server or third-party AAA server

Performs authentication, accounting, and authorization for users.

Licensing Requirements

AAA is a basic feature of a switch and is not under license control.

Version Requirements

Table 1-30  Products and versions supporting AAA

Product Model

Software Version


V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00

For details about software mappings, visit Hardware Query Tool and search for the desired product model.

Feature Limitations

  • To prevent data transmission risks between the device and the RADIUS or HWTACACS server, you are advised to deploy the device and RADIUS or HWTACACS server in a security domain.
  • The authorization scheme and UCL group are not supported in the traditional NAC mode. The authorization user group is supported only in the traditional NAC mode.
  • If non-authentication is configured using the authentication-mode (authentication scheme view) command, users can pass the authentication using any user name or password. To protect the device and improve network security, you are advised to enable authentication to allow only authenticated users to access the device or network.
  • By default, the global default common domain default and global default management domain default_admin are bound to the accounting scheme default. Modifying the accounting scheme default affects configurations of the two domains. Exercise caution when modifying the accounting scheme to prevent user accounting failures.
Updated: 2019-04-20

Document ID: EDOC1100066170

Views: 27400

Downloads: 7

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Previous Next