Licensing Requirements and Limitations for AAA
Involved Network Elements
Role |
Product Model |
Description |
|---|---|---|
AAA server |
Huawei servers or third-party AAA servers. |
Performs authentication, accounting, and authorization on users. |
Licensing Requirements
AAA is a basic function of the switch, and as such is controlled by the license for basic software functions. The license for basic software functions has been loaded and activated before delivery. You do not need to manually activate it.
Version Requirements
Product Model |
Minimum Version Required |
|---|---|
CE12804/CE12808/CE12812 |
V100R001C00 |
CE12816 |
V100R003C00 |
CE12804S/CE12808S |
V100R005C00 |
CE12804E/CE12808E/CE12816E |
V200R002C50 |
For details about the mapping between software versions and switch models, see the Hardware Query Tool.
Software version evolution: V100R001C00 -> V100R002C00 -> V100R003C00 -> V100R003C10 -> V100R005C00 -> V100R005C10 -> V100R006C00 -> V200R001C00 -> V200R002C50 -> V200R003C00 -> V200R005C00 -> V200R005C10 -> V200R019C00 -> V200R019C10
Feature Limitations
To ensure device security, you are advised to change the password frequently.
After you change a local account's rights (including the password, access type, FTP directory, and level), the rights of users who are already online remain unchanged. Rather, the rights are only changed once a user goes online again.
Do not disable the password complexity check for local accounts. Simple passwords pose potential security risks to the device and services.
To ensure security of data transmission between the device and the RADIUS or HWTACACS server, deploy the device and RADIUS or HWTACACS server in a security domain.
In V100R006 and later versions, local authorization is successful only when the user access method is the same as that configured by the local-user user-name service-type { none | dot1x | { ftp | snmp | ssh | telnet | terminal } * command.