No relevant resource is found in the selected language.
This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>
Your browser version is too early. Some functions of the website may be unavailable. To obtain better user experience, upgrade the browser to the latest version.
CloudEngine 12800 and 12800E V200R005C10 Configuration Guide - Security
This document describes the configurations of Security, including AAA, 802.1x Authentication, ACL, TCAM ACL Customization, local attack defense, Microsegmentation, MFF, attack defense, traffic suppression and storm control, ARP security, Port security, MACsec, DHCP snooping, IPSG, URPF, SSL, Keychain and FIPS.
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring AAA Schemes
Configuring AAA Schemes
Context
To use RADIUS AAA, set the authentication mode in the
authentication scheme and accounting mode in the accounting scheme
to RADIUS.
When configuring RADIUS authentication, you can specify
local authentication as the backup. This allows local authentication
or non-authentication to be implemented if RADIUS authentication fails.
Procedure
Configure an authentication scheme.
Run system-view
The system view is displayed.
Run aaa
The AAA view is displayed.
Run authentication-schemeauthentication-scheme-name
An authentication scheme is created and the authentication scheme
view is displayed, or the view of an existing authentication scheme
is displayed.
A default authentication scheme named default is available
on the device. This authentication scheme can be modified but not
deleted.
Run authentication-moderadius
The RADIUS authentication mode is specified.
By default, local authentication is used.
To use local
authentication as the backup, run the authentication-moderadiuslocal command.
If multiple authentication modes are configured in an authentication
scheme, authentication modes are prioritized in the order in which
they were configured. The device uses the authentication mode that
was configured later only when it does not receive any response from
the current authentication mode. The device stops authentication if
the current authentication fails.
(Optional) Run authentication-typeradiusmschapv1
The RADIUS authentication
type is set to Microsoft Challenge Handshake Authentication Protocol
version 1 (MSCHAPv1).
The default RADIUS authentication type
is PAP.
Run commit
The configuration is
committed.
Configure an accounting scheme.
Run system-view
The system view is displayed.
Run aaa
The AAA view is displayed.
Run accounting-schemeaccounting-scheme-name
An accounting scheme is created and the accounting scheme view is
displayed, or the view of an existing accounting scheme is displayed.
A default accounting scheme named default is available on the device. This accounting scheme can be modified
but not deleted.
