Example For Configuring Hwtacacs Authentication, Accounting, And Authorization - Huawei Quidway S3700 Series Configuration Manual

Quidway S3700 Series Ethernet Switches
Configuration Guide - Security
Configuration Files
#
sysname Quidway
#
radius-server template shiva
radius-server shared-key cipher 3MQ*TZ,O3KCQ=^Q`MAF4<1!!
radius-server authentication 129.7.66.66 1812
radius-server authentication 129.7.66.67 1812 secondary
radius-server accounting 129.7.66.66 1813
radius-server accounting 129.7.66.67 1813 secondary
radius-server retransmit 2
#
aaa
authentication-scheme default
authentication-scheme 1
authentication-mode radius
authorization-scheme default
accounting-scheme default
accounting-scheme 1
accounting-mode radius
domain default
domain default_admin
domain huawei
authentication-scheme 1
accounting-scheme 1
radius-server shiva
#
return
1.10.2 Example for Configuring HWTACACS Authentication,
Accounting, and Authorization
Networking Requirements
As shown in
l
l
l
l
l
l
Issue 01 (2011-07-15)
Figure 1-2:
The HWTACACS server is adopted to authenticate access users. If HWTACACS server
authentication fails, Access users are authenticated locally.
HWTACACS authentication is required before the level of access users is promoted. If the
HWTACACS authentication is not responded, local authentication is performed.
HWTACACS authorization is performed to access users.
All access users need to be charged.
Interim accounting is performed every 3 minutes.
The primary HWTACACS server is 129.7.66.66/24, and the IP address of the secondary
HWTACACS server is 129.7.66.67/24. The port number of the server for authentication,
accounting, and authorization is 49.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1 AAA and User Management Configuration
42