S600-E V200R013C00 Configuration Guide - User Access and Authentication

This document describes the configuration of User Access and Authentication, including AAA, NAC, and Policy Association.

Local Authentication and Authorization

Local AAA Server

A device functioning as an AAA server is called a local AAA server. It performs user authentication and authorization but cannot perform user accounting.

Like a remote AAA server, a local AAA server requires the user names, passwords, and authorization information of local users. A local AAA server authenticates and authorizes users faster than a remote AAA server, which reduces operation costs. However, the information storage capacity of a local AAA server is limited by the device hardware.

Security Policy for Local User Password

Password Length and Complexity

When an administrator creates local users on a device, the length and complexity of the local users' passwords are controlled by commands on the device. The complexity check requires the password to combine at least two of the following character types: digits, lowercase letters, uppercase letters, and special characters. In addition, a password must contain at least eight characters.

Password Validity Period

After the local administrator password policy is enabled, the local administrator can set the password validity period. The default validity period is 90 days and can be changed.

If the password of a local user expires and the local user still uses this password to log in to the device, the device informs the user that the password has expired and asks whether to change it. The device then performs one of the following operations depending on the user's choice:
  • If the user enters Y, the user must enter the old password, the new password, and the confirmation password. The change succeeds only when the old password is correct, the new password and the confirmation password are the same, and the new password meets the length and complexity requirements.
  • If the user enters N or fails to change the password, the user cannot log in to the device.
The device also supports a password expiration prompt function. When a user logs in to the device, the device checks how many days the password remains valid. If the number of days is less than the prompt days set in the command, the device notifies the user of how long it will be before the password expires and asks whether to change it.
  • If the user changes the password, the device records the new password and the modification time.
  • If the user does not change the password or fails to change it, the user can still log in to the device as long as the password has not expired.

Password Modification Policy

When you change a password, reusing old passwords is not recommended. By default, the new password cannot be the same as any of the last five passwords used.

The local administrator can change the password of an equal- or lower-level local user.
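
The following Python model of the policy described in this section is an added example, not Huawei code or device configuration; it can be used to pre-check candidate passwords or to reason about the login outcomes. Assumptions: the special-character set is Python's `string.punctuation`, a password counts as expired once zero days remain, the history list includes the current password, and the function names are hypothetical.

```python
import string
from datetime import date, timedelta

MIN_LENGTH = 8       # from the section: at least eight characters
MIN_CLASSES = 2      # from the section: at least two of four character types
VALIDITY_DAYS = 90   # from the section: default validity period
HISTORY_DEPTH = 5    # from the section: last five passwords cannot be reused


def meets_complexity(password):
    """Length and character-type check as described in the section."""
    classes = [
        any(c in string.digits for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.ascii_uppercase for c in password),
        any(c in string.punctuation for c in password),  # assumed set
    ]
    return len(password) >= MIN_LENGTH and sum(classes) >= MIN_CLASSES


def login_state(changed_on, today, prompt_days, validity=VALIDITY_DAYS):
    """Return 'expired', 'prompt' or 'ok' for a login attempt on `today`."""
    remaining = (changed_on + timedelta(days=validity) - today).days
    if remaining <= 0:            # assumed boundary for expiry
        return "expired"          # user must change the password or is refused
    if remaining < prompt_days:
        return "prompt"           # user is asked to change it, may still log in
    return "ok"


def can_change(old_entered, old_actual, new, confirm, history):
    """Conditions for a successful change plus the default history rule.

    `history` is an oldest-first list of plaintext passwords, used here only
    to keep the model short; a real implementation would compare against
    stored password hashes.
    """
    recent = history[-HISTORY_DEPTH:]
    return (old_entered == old_actual and new == confirm
            and meets_complexity(new) and new not in recent)
```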

Updated: 2019-04-20

Document ID: EDOC1100066170
