No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Security

CloudEngine 8800, 7800, 6800, and 5800 V200R005C10

This document describes the configurations of Security, including ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, Port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, separating the management plane from the service plane, security risks.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Licensing Requirements and Limitations for AAA

Licensing Requirements and Limitations for AAA

Involved Network Elements

Table 1-13 Components involved in AAA networking

Role

Product Model

Description

AAA server

Huawei servers or third-party AAA servers.

Performs authentication, accounting, and authorization on users.

Licensing Requirements

AAA is a basic feature of the device and is not under license control.

Version Requirements

Table 1-14 Products and minimum version supporting AAA

Product Model

Minimum Version Required

CE8860EI

V100R006C00

CE8861EI

V200R005C10

CE8868EI

V200R005C10

CE8850-32CQ-EI

V200R002C50

CE8850-64CQ-EI

V200R005C00

CE7850EI

V100R003C00

CE7855EI

V200R001C00

CE6810EI

V100R003C00

CE6810-48S4Q-LI/CE6810-48S-LI

V100R003C10

CE6810-32T16S4Q-LI/CE6810-24S2Q-LI

V100R005C10

CE6850EI

V100R001C00

CE6850-48S6Q-HI

V100R005C00

CE6850-48T6Q-HI/CE6850U-HI/CE6851HI

V100R005C10

CE6855HI

V200R001C00

CE6856HI

V200R002C50

CE6857EI

V200R005C10

CE6860EI

V200R002C50

CE6865EI

V200R005C00

CE6870-24S6CQ-EI/CE6870-48S6CQ-EI

V200R001C00

CE6870-48T6CQ-EI

V200R002C50

CE6875EI

V200R003C00

CE6880EI

V200R002C50

CE5810EI

V100R002C00

CE5850EI

V100R001C00

CE5850HI

V100R003C00

CE5855EI

V100R005C10

CE5880EI

V200R005C10

Feature Limitations

When deploying AAA on the switch, pay attention to the following:
  • To ensure device security, you are advised to change the password frequently.

  • After you change a local account's rights (including the password, access type, FTP directory, and level), the rights of users who are already online remain unchanged. Rather, the rights are only changed once a user goes online again.

  • Do not disable the password complexity check for local accounts. Simple passwords pose potential security risks to the device and services.

  • To ensure security of data transmission between the device and the RADIUS or HWTACACS server, deploy the device and RADIUS or HWTACACS server in a security domain.

  • In V100R006 and later versions, local authorization is successful only when the user access method is the same as that configured by the local-user user-name service-type { none | dot1x | { ftp | snmp | ssh | telnet | terminal } * command.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100074765

Views: 18772

Downloads: 64

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next