Configuring Aaa Schemes; Establishing The Configuration Task - Huawei Quidway S2700 Series Configuration Manual
Hide thumbs
Also See for Quidway S2700 Series:
- Configuration manual (354 pages) ,
- Hardware installation and maintenance manual (183 pages) ,
- Quick start manual (62 pages)
Table of Contents
Advertisement
Quidway S2700 Series Ethernet Switches
Configuration Guide - Security
The S2700 supports up to 32 domains, including the two default domains.
The priority of authorization configured in a domain is lower than the priority configured on an
AAA server. That is, the authorization attribute sent by the AAA server is used preferentially.
The authorization attribute in the domain takes effect only when the AAA server does not have
or provide this authorization. In this manner, you can add services flexibly based on the domain
management, regardless of the attributes provided by the AAA server.
RADIUS and HWTACACS Server Templates
When RADIUS or HWTACACS is specified in an authentication or an authorization scheme
for communication between the client and the server, you must configure a RADIUS or an
HWTACACS server template in a domain.
l
l
1.3 Configuring AAA Schemes
This section describes how to configure an authentication scheme, an authorization scheme, and
a recording scheme on the S2700.
1.3.1 Establishing the Configuration Task
Applicable Environment
AAA schemes of the S2700 consists of the authentication scheme, authorization scheme,
accounting scheme, and recording scheme. The S2700 prescribes the authentication,
authorization, accounting, and recording modes (local processing, remote processing, or no
processing) and relevant parameters for users according to AAA schemes.
After AAA schemes are configured, you can apply AAA schemes to a domain. The S2700 then
uses the scheme to perform authentication, authorization, and accounting for users in the domain.
You can configure different recording schemes for different transactions in the AAA view.
Pre-configuration Tasks
None
Data Preparation
To configure AAA schemes, you need the following data.
Issue 01 (2011-07-15)
In a RADIUS server template, you can set the attributes such as the IP addresses, port
number, and key of the authentication server and accounting server.
In an HWTACACS template, you can set the attributes such as the IP addresses, port
number, and key of the authentication server, accounting server, and authorization server.
NOTE
Authentication and authorization are used together in RADIUS; therefore, you cannot use RADIUS alone
to perform authorization.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1 AAA and User Management Configuration
4
Advertisement
Table of Contents
