Configuring Local User Management - Huawei Quidway S9300 Configuration Manual

Terabit routing switch v100r001c03

Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Local User Management
To perform local user management, you need to set up the local user database, maintain user
information, and manage users on the local S9300.
In local authentication or local authorization mode, you need to perform the task of
Configuring Local User Management.
Domain-based User Management
The S9300 manages users based on the domain. You can configure authentication and
authorization schemes in a domain. Then, the specified schemes are adopted to perform
authentication and authorization for users that belong to the domain.
All the users of the S9300 belong to a domain. The domain that a user belongs to depends on
the character string that follows the "@" in the user name. For example, the user "user@huawei"
belongs to the domain "huawei". If there is no "@" in the user name, the user belongs to the
domain default.
By default, a domain named default exists on the S9300. This domain can be modified but
cannot be deleted. You can create up to 254 domains on the S9300 in addition to the default
domain.
The priority of authorization configured in a domain is lower than the priority configured on an
AAA server. That is, the authorization attribute sent by the AAA server is used preferentially.
The authorization attribute in the domain takes effect only when the AAA server does not have
or provide this authorization. In this manner, you can add services flexibly based on the domain
management, regardless of the attributes provided by the AAA server.
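
The two rules above (the domain is taken from the text after "@", and attributes sent by the AAA server take priority over those configured in the domain) modelled in Python as an added example, not Huawei code. The attribute names, the rejection of names with several "@", and the error for an unconfigured domain are assumptions, since the page does not define them.

```python
# Added illustration: a model of the two rules described above, not S9300 code.
DEFAULT_DOMAIN = "default"   # built-in domain named on the page


def resolve_domain(user_name: str) -> str:
    """Return the domain a user name belongs to.

    The domain is the string after "@"; no "@" means the default domain.
    Names with several "@" or nothing on either side of "@" are rejected
    here, because the page does not say how the switch treats them (assumption).
    """
    if "@" not in user_name:
        return DEFAULT_DOMAIN
    account, _, domain = user_name.partition("@")
    if not account or not domain or "@" in domain:
        raise ValueError(f"ambiguous user name: {user_name!r}")
    return domain


def effective_authorization(user_name, domains, server_attrs=None):
    """Merge authorization attributes for one login.

    domains: {domain name: {attribute: value}} configured on the switch.
    server_attrs: attributes the AAA server sent for this user, if any.
    Server values win; a domain value applies only where the server sent none.
    An unconfigured domain raises KeyError (assumption, not from the page).
    """
    domain = resolve_domain(user_name)
    if domain not in domains:
        raise KeyError(f"domain {domain!r} is not configured")
    merged = dict(domains[domain])                # domain values as the fallback
    for attr, value in (server_attrs or {}).items():
        if value is not None:                     # None = server did not provide it
            merged[attr] = value
    return domain, merged


# Constructed sample data; attribute names are hypothetical placeholders.
DOMAINS = {
    "default": {"privilege_level": 0},
    "huawei": {"privilege_level": 3, "idle_timeout_min": 10},
}

if __name__ == "__main__":
    for name, attrs in [("user@huawei", {"privilege_level": 15}),
                        ("user@huawei", None),
                        ("operator", {"idle_timeout_min": None})]:
        print(name, "->", effective_authorization(name, DOMAINS, attrs))
```

Running the same check over an account list shows which users fall into the default domain, whose schemes therefore apply to every name without an "@".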
RADIUS and HWTACACS Server Templates
When RADIUS or HWTACACS is specified in an authentication or an authorization scheme
for communication between the client and the server, you must configure a RADIUS or an
HWTACACS server template.
In the RADIUS or HWTACACS server template, you can configure the attributes including IP
addresses of authentication and authorization servers.

1.3 Configuring Local User Management

This section describes how to configure local user management on the S9300.
Issue 01 (2009-07-28)
- Non-authorization: completely trusts users and directly authorizes them.
- Local authorization: authorizes users according to the configured attributes of local user
  accounts on the S9300.
- Remote authorization: authorizes users remotely through HWTACACS. The S9300
  functions as the client to communicate with the authorization server.
- If-authenticated authorization: authorizes users after the users pass authentication in local
  or remote authentication mode.

NOTE
Authentication and authorization are used together in RADIUS; therefore, you cannot use RADIUS alone
to perform authorization.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1 AAA and User Management Configuration
