S600-E V200R013C00 Configuration Guide - User Access and Authentication

This document describes how to configure user access and authentication, including AAA, NAC, and Policy Association.

Configuring an HWTACACS Server Template

Context

When configuring an HWTACACS server template, you must specify the IP address, port number, and shared key of a specified HWTACACS server. Other settings, such as the HWTACACS user name format and traffic unit, have default values and can be modified based on network requirements.

The HWTACACS server template settings such as the HWTACACS user name format and shared key must be the same as those on the HWTACACS server.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run hwtacacs enable

    HWTACACS is enabled.

    By default, HWTACACS is enabled.

  3. Run hwtacacs-server template template-name

    An HWTACACS server template is created and the HWTACACS server template view is displayed.

    By default, no HWTACACS server template is configured on the device.

  4. Configure HWTACACS authentication, authorization, and accounting servers.

    • Configure an HWTACACS authentication server.
      Command: hwtacacs-server authentication ip-address [ port ] [ public-net | vpn-instance vpn-instance-name ] [ secondary | third ]
      Description: By default, no HWTACACS authentication server is configured.

    • Configure an HWTACACS authorization server.
      Command: hwtacacs-server authorization ip-address [ port ] [ public-net | vpn-instance vpn-instance-name ] [ secondary | third ]
      Description: By default, no HWTACACS authorization server is configured.

    • Configure an HWTACACS accounting server.
      Command: hwtacacs-server accounting ip-address [ port ] [ public-net | vpn-instance vpn-instance-name ] [ secondary | third ]
      Description: By default, no HWTACACS accounting server is configured.

  5. Set parameters for interconnection between the device and an HWTACACS server.

    • Set the shared key for the HWTACACS server.
      Command: hwtacacs-server shared-key cipher key-string
      Description: By default, no shared key is set for an HWTACACS server.

    • (Optional) Configure the format of the user name in the packet sent by the device to the HWTACACS server.
      Command:
        • Configure the user name to contain the domain name: hwtacacs-server user-name domain-included
        • Configure the original user name: hwtacacs-server user-name original
        • Configure the user name not to contain the domain name: undo hwtacacs-server user-name domain-included
      Description: By default, the device does not change the user name entered by the user when sending packets to the HWTACACS server.

    • (Optional) Set the HWTACACS traffic unit.
      Command: hwtacacs-server traffic-unit { byte | kbyte | mbyte | gbyte }
      Description: The default HWTACACS traffic unit on the device is bytes.

    • (Optional) Set the source IP address for communication between the device and HWTACACS server.
      Command: hwtacacs-server source-ip { ip-address | source-loopback interface-number }
      Description: By default, the device uses the IP address of the actual outbound interface as the source IP address encapsulated in HWTACACS packets.

  6. (Optional) Set the response timeout interval and activation interval for the HWTACACS server.

    • Set the response timeout interval for the HWTACACS server.
      Command: hwtacacs-server timer response-timeout interval
      Description: The default response timeout interval for an HWTACACS server is 5 seconds. If the device does not receive a response packet from an HWTACACS server within the response timeout interval, it considers the HWTACACS server unreachable and then tries other authentication and authorization methods.

    • Set the interval after which the primary HWTACACS server is restored to the active state.
      Command: hwtacacs-server timer quiet interval
      Description: The default interval after which the primary HWTACACS server is restored to the active state is 5 minutes.

  7. Run quit

    The system view is displayed.

  8. (Optional) Run hwtacacs-server accounting-stop-packet resend { disable | enable number }

    Retransmission of accounting-stop packets is enabled and the number of packets that can be retransmitted each time is specified.

    By default, retransmission of accounting-stop packets is enabled, and 100 accounting-stop packets can be retransmitted each time.

  9. Run return

    The user view is displayed.

  10. (Optional) Run hwtacacs-user change-password hwtacacs-server template-name

    The password saved on the HWTACACS server is changed.

    NOTE:

    To ensure device security, you are advised to change the password frequently.
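The procedure above as one CLI session, added here as an illustration and not taken from the original guide. The device name HUAWEI, the template name template1, the 192.0.2.x addresses, port 49, and the timer and resend values are constructed for the example; <key-string> stands for the shared key, which must match the key configured on the HWTACACS server.

```text
<HUAWEI> system-view
[HUAWEI] hwtacacs enable
[HUAWEI] hwtacacs-server template template1
[HUAWEI-hwtacacs-template1] hwtacacs-server authentication 192.0.2.10 49
[HUAWEI-hwtacacs-template1] hwtacacs-server authentication 192.0.2.11 49 secondary
[HUAWEI-hwtacacs-template1] hwtacacs-server authorization 192.0.2.10 49
[HUAWEI-hwtacacs-template1] hwtacacs-server authorization 192.0.2.11 49 secondary
[HUAWEI-hwtacacs-template1] hwtacacs-server accounting 192.0.2.10 49
[HUAWEI-hwtacacs-template1] hwtacacs-server accounting 192.0.2.11 49 secondary
[HUAWEI-hwtacacs-template1] hwtacacs-server shared-key cipher <key-string>
[HUAWEI-hwtacacs-template1] hwtacacs-server user-name original
[HUAWEI-hwtacacs-template1] hwtacacs-server source-ip 192.0.2.1
[HUAWEI-hwtacacs-template1] hwtacacs-server timer response-timeout 10
[HUAWEI-hwtacacs-template1] hwtacacs-server timer quiet 10
[HUAWEI-hwtacacs-template1] quit
[HUAWEI] hwtacacs-server accounting-stop-packet resend enable 50
[HUAWEI] return
<HUAWEI> hwtacacs-user change-password hwtacacs-server template1
```

Setting a fixed source IP address keeps the address the HWTACACS server sees stable when the outbound interface changes, and the secondary entries give the device a second server to try before it moves to other authentication and authorization methods.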

Updated: 2019-04-20

Document ID: EDOC1100066170