Huawei SmartAX MA5616 Configuration Manual page 117

SmartAX MA5616 Multi-service Access Module
Configuration Guide
Step 3 Create a domain named isp1.
huawei(config)#aaa
huawei(config-aaa)#domain isp1
Info: Create a new domain
Step 4 Use the authentication scheme login-auth.
You can use an authentication scheme in a domain only after the authentication scheme is
created.
huawei(config-aaa-domain-isp1)#authentication-scheme login-auth
Step 5 Bind the RADIUS server template test-login to the user.
You can use a RADIUS server template in a domain only after the RADIUS server template is
created.
huawei(config-aaa-domain-isp1)#radius-server test-login
huawei(config-aaa-domain-isp1)#quit
Step 6 Configure the authentication mode of the management user.
In the global config mode, run the terminal user authentication-mode command to configure
the authentication of the management user to remote AAA.
huawei(config)#terminal user authentication-mode aaa isp1
Step 7 (Optional) Configure the local management user of the device.
If the RADIUS server is unreachable, local authentication can be used to log in to the system.
If the RADIUS server is reachable, none of the management users can log in to the system
through local authentication, except the root user.
Ensure that the user name and password of the local management user are the same as those
specified on the RADIUS server. Otherwise, login to the system fails.
huawei(config)#terminal user name
User Name(length<6,15>):user01
user01
User Password(length<6,15>):
RADIUS server
Confirm Password(length<6,15>):
User profile name(<=15 chars)[root]:
User's Level:
Issue 04 (2011-10-30)
NOTE
l A domain is a group of users of the same type.
l When the user name is in the format of userid@domain-name (for example,
huawei20041028@isp1.net), "domain-name" followed by "@" is the domain name, and "userid" is
the user name used for authentication.
l The common domain name for login cannot exceed 15 characters, and the domain name for 802.1x
authentication cannot exceed 20 characters.
NOTE
l Only the root user can run this command.
l After the authentication of the management user is configured to remote AAA, the system prefers
RADIUS authentication (the root user is still forcible local authentication).
CAUTION
1. Common User 2. Operator
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
//Management user name:
//Password: test01pwd, same as that on the
3. Administrator:2
3 Basic Configuration
106