Introduction To Aaa And User Management; Aaa And User Management Features Supported By The S2700 - Huawei Quidway S2700 Series Configuration Manual
Hide thumbs
Also See for Quidway S2700 Series:
- Configuration manual (354 pages) ,
- Hardware installation and maintenance manual (183 pages) ,
- Quick start manual (62 pages)
Table of Contents
Advertisement
Quidway S2700 Series Ethernet Switches
Configuration Guide - Security
1.1 Introduction to AAA and User Management
This section describes the knowledge of AAA and user management.
AAA
AAA provides the following types of services:
l
l
l
AAA adopts the client/server model, which features good extensibility and facilitates
concentrated management over user information.
Domain-based User Management
User authentication, authorization, and accounting are performed in the domain view. Users can
be managed based in the domain. You can configure authorization, authentication and
accounting schemes, and create RADIUS or HWTACACS server templates in the domain.
Local User Management
To perform local user management, you need to set up the local user database, maintain user
information, and manage users on the local S2700.
1.2 AAA and User Management Features Supported by the
S2700
This section describes the AAA and user management features supported by the S2700.
AAA
The S2700 provides authentication schemes in the following modes:
l
l
l
Issue 01 (2011-07-15)
Authentication: determines if the certain users can access the network.
Authorization: authorizes the user to use certain services.
Accounting: records network resource usage of the user.
Non-authentication: In this mode, the S2700 does not authenticate user validity when users
are trusted. This mode is not adopted in other scenarios.
Local authentication: In this mode, user information such as user names, passwords, and
other attributes is configured on theS2700. The S2700 authenticates users according to the
information. In local authentication mode, the processing speed is fast, but the capacity of
information storage is restricted by the hardware.
Remote authentication: In this mode, user information such as user names, passwords, and
other attributes is configured on an authentication server. The S2700 functions as the client
to communicate with the authentication server through the RADIUS or HWTACACS
protocol.
NOTE
If both HWTACACS authentication and non-authentication are configured, HWTACACS authentication
is preferred.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1 AAA and User Management Configuration
2
Advertisement
Table of Contents
