No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R013C00 Configuration Guide - User Access and Authentication

This document describes the configurations of User Access and Authentication Configuration, including AAA, NAC, and Policy Association.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
If Both RADIUS Authentication and Local Authentication Are Configured, When Does the Device Perform Local Authentication?

If Both RADIUS Authentication and Local Authentication Are Configured, When Does the Device Perform Local Authentication?

If multiple authentication modes are configured, the device chooses these authentication modes according to the order in which they were configured. The device uses the authentication mode that was configured later only when that configured earlier does not respond. However, if the user fails authentication, the device does not use other authentication modes.

For example, if both RADIUS authentication and local authentication are configured in an authentication scheme using the authentication-mode radius local command and RADIUS authentication is configured first, the device performs local authentication only when the connection with the RADIUS server times out. When local authentication is used, users can log in to the device only if local authentication is correctly configured on the device. For example, the device must be configured with the correct user name and password, access type, and authentication mode. The following example is the configuration of local authentication through Telnet login.

<HUAWEI> system-view
[HUAWEI] telnet server enable  //Enable the Telnet service.
[HUAWEI] user-interface maximum-vty 15  //Set the maximum number of VTY login users to 15.
[HUAWEI] user-interface vty 0 14  //Enter the view of VTY users at levels 0-14.
[HUAWEI-ui-vty0-14] authentication-mode aaa  //Set the VTY authentication mode to AAA. 
[HUAWEI-ui-vty0-14] protocol inbound telnet  //Configure the VTY user interface to support Telnet.
[HUAWEI-ui-vty0-14] quit
[HUAWEI] aaa
[HUAWEI-aaa] local-user user1 password irreversible-cipher Huawei@1234  //Create the local user user1 and set the password. The password is displayed in cipher text in the configuration file, so remember the password. If you forget the password, run this command again to overwrite the old configuration.
[HUAWEI-aaa] local-user user1 service-type telnet  //Set the access type of user1 to Telnet. This user can only log in to the device through Telnet.
[HUAWEI-aaa] local-user user1 privilege level 15  //Set the user level of user1 to 15. After login, the user can run the commands at level 0-15.
[HUAWEI-aaa] quit

This rule also applies to HWTACACS authentication and local authentication. That is, the device performs local authentication only when the connection with the HWTACACS server times out.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100066170

Views: 20336

Downloads: 6

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next