Huawei Quidway S9300 Configuration Manual page 68

Terabit routing switch

1 AAA and User Management Configuration
Procedure
Step 1 Configure an HWTACACS server template.
# Configure an HWTACACS server template named ht.
<Quidway> system-view
[Quidway] hwtacacs-server template ht
# Configure the IP address and port number of the primary HWTACACS server for
authentication, authorization, and accounting.
[Quidway-hwtacacs-ht] hwtacacs-server authentication 129.7.66.66 49
[Quidway-hwtacacs-ht] hwtacacs-server authorization 129.7.66.66 49
[Quidway-hwtacacs-ht] hwtacacs-server accounting 129.7.66.66 49
# Configure the IP address and port number of the secondary HWTACACS server for
authentication, authorization, and accounting.
[Quidway-hwtacacs-ht] hwtacacs-server authentication 129.7.66.67 49 secondary
[Quidway-hwtacacs-ht] hwtacacs-server authorization 129.7.66.67 49 secondary
[Quidway-hwtacacs-ht] hwtacacs-server accounting 129.7.66.67 49 secondary
# Configure the shared key of the HWTACACS server. The key hello is an example value; the
key must match the one configured on the server.
[Quidway-hwtacacs-ht] hwtacacs-server shared-key cipher hello
[Quidway-hwtacacs-ht] quit
Step 2 Configure the authentication, authorization, and accounting schemes.
# Create an authentication scheme named l-h and set the authentication mode to
local-HWTACACS, that is, the system performs local authentication first and then HWTACACS
authentication. HWTACACS authentication supersedes local authentication when the level of
a user is promoted.
[Quidway] aaa
[Quidway-aaa] authentication-scheme l-h
[Quidway-aaa-authen-l-h] authentication-mode local hwtacacs
[Quidway-aaa-authen-l-h] authentication-super hwtacacs super
[Quidway-aaa-authen-l-h] quit
# Create an authorization scheme hwtacacs, and set the authorization mode to HWTACACS.
[Quidway-aaa] authorization-scheme hwtacacs
[Quidway-aaa-author-hwtacacs] authorization-mode hwtacacs
[Quidway-aaa-author-hwtacacs] quit
# Create an accounting scheme hwtacacs, and set the accounting mode to HWTACACS.
[Quidway-aaa] accounting-scheme hwtacacs
[Quidway-aaa-accounting-hwtacacs] accounting-mode hwtacacs
# Set the interval of interim accounting to 3 minutes.
[Quidway-aaa-accounting-hwtacacs] accounting realtime 3
[Quidway-aaa-accounting-hwtacacs] quit
Step 3 Create a domain named huawei and apply the authentication scheme l-h, the HWTACACS
authorization scheme, the HWTACACS accounting scheme, and the HWTACACS template ht
to the domain.
[Quidway-aaa] domain huawei
[Quidway-aaa-domain-huawei] authentication-scheme l-h
[Quidway-aaa-domain-huawei] authorization-scheme hwtacacs
[Quidway-aaa-domain-huawei] accounting-scheme hwtacacs
[Quidway-aaa-domain-huawei] hwtacacs-server ht
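An added example, not part of the Huawei manual: a Python check that reads a CLI transcript in the format used in Steps 1 to 3 and reports a short shared key, missing primary or secondary servers, and domain references to schemes or templates that were never created (such as 1-h typed for l-h). The audit function, the 16-character minimum key length, and the sample transcript are assumptions made for illustration.

```python
import re

PROMPT = re.compile(r"^[\[<]Quidway(?:-([\w-]+))?[\]>]\s*(.*)$")
SCHEMES = ("authentication-scheme", "authorization-scheme", "accounting-scheme")
SERVICES = ("authentication", "authorization", "accounting")

# Constructed transcript with three deliberate problems (not the page's exact session).
SAMPLE = """\
[Quidway] hwtacacs-server template ht
[Quidway-hwtacacs-ht] hwtacacs-server authentication 129.7.66.66 49
[Quidway-hwtacacs-ht] hwtacacs-server authentication 129.7.66.67 49 secondary
[Quidway-hwtacacs-ht] hwtacacs-server authorization 129.7.66.66 49
[Quidway-hwtacacs-ht] hwtacacs-server authorization 129.7.66.67 49 secondary
[Quidway-hwtacacs-ht] hwtacacs-server accounting 129.7.66.66 49
[Quidway-hwtacacs-ht] hwtacacs-server shared-key cipher hello
[Quidway-aaa] authentication-scheme l-h
[Quidway-aaa-domain-huawei] authentication-scheme 1-h
[Quidway-aaa-domain-huawei] hwtacacs-server ht
"""

def audit(transcript, min_key_len=16):
    """Return findings for a typed-command transcript; min_key_len is an assumed policy."""
    defined, refs, servers, findings = set(), [], {}, []
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m or not m.group(2):
            continue
        view, w = m.group(1) or "", m.group(2).split()  # view name comes from the prompt
        if view == "" and w[:2] == ["hwtacacs-server", "template"] and len(w) == 3:
            defined.add(("hwtacacs-server", w[2]))
            servers.setdefault(w[2], set())
        elif view.startswith("hwtacacs-") and w[0] == "hwtacacs-server" and len(w) >= 2:
            tpl = view[len("hwtacacs-"):]
            if w[1] in SERVICES:
                role = "secondary" if w[-1] == "secondary" else "primary"
                servers.setdefault(tpl, set()).add((w[1], role))
            elif w[1] == "shared-key" and len(w[-1]) < min_key_len:
                findings.append(f"template {tpl}: shared key shorter than {min_key_len} characters")
        elif view == "aaa" and w[0] in SCHEMES and len(w) == 2:
            defined.add((w[0], w[1]))  # scheme created in the AAA view
        elif view.startswith("aaa-domain-") and len(w) == 2 and w[0] in SCHEMES + ("hwtacacs-server",):
            refs.append((view[len("aaa-domain-"):], w[0], w[1]))  # scheme/template applied to a domain
    for tpl, have in sorted(servers.items()):
        findings += [f"template {tpl}: no {role} {svc} server"
                     for svc in SERVICES for role in ("primary", "secondary")
                     if (svc, role) not in have]
    findings += [f"domain {d}: {kind} {name} is not defined"
                 for d, kind, name in refs if (kind, name) not in defined]
    return findings
```

The check reads keys as typed at the prompt; a key copied from saved configuration output is stored in cipher form and its length says nothing about the original.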
1-46
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Issue 06 (2010–01–08)
