Huawei Quidway S5600 Series Operation Manual page 575

Operation Manual – AAA & RADIUS & HWTACACS & EAD
Quidway S5600 Series Ethernet Switches-Release 1510
<Quidway> system-view
[Quidway]
# Adopt AAA authentication for Telnet users.
[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] authentication-mode scheme
# Create and configure a local user named telnet.
[Quidway] local-user telnet
[Quidway-luser-telnet] service-type telnet
[Quidway-luser-telnet] password simple huawei
[Quidway-luser-telnet] attribute idle-cut 300 access-limit 5
[Quidway] domain system
[Quidway-isp-system] scheme local
A Telnet user logging into the switch with the name telnet@system belongs to the
system domain and will be authenticated according to the configuration of the system
domain.
Method 2: using a local RADIUS server
This method is similar to the remote authentication method described in section 1.7.1 .
You only need to change the server IP address, the authentication password, and the
UDP port number for authentication service in configuration step "Configure a RADIUS
scheme" in section 1.7.1 to 127.0.0.1, huawei, and 1645 respectively, and configure
local users (whether the name of local user carries domain name should be consistent
with the configuration in RADIUS scheme).
1.7.3 TACACS Authentication/Authorization of Telnet Users
I. Network requirements
You are required to configure the switch so that the Telnet users logging in to the
TACACS server are authenticated and authorized. Configure the switch to A TACACS
server with IP address 10.110.91.164 is connected to the switch. This server will be
used as the AAA server. On the switch, set the shared key that is used to exchange
packets with the AAA TACACS server to "expert". Configure the switch to strip off the
domain name in the user name to be sent to the TACACS server.
Configure the shared key to "expert" on the TACACS server for exchanging packets
with the switch.
Huawei Technologies Proprietary
1-45
Chapter 1 AAA & RADIUS & HWTACACS
Configuration