Table of Contents
Advertisement
SmartAX MA5616 Multi-service Access Module
Configuration Guide
Create HWTACACS server template named test-login with HWTACACS server 129.7.66.66
as the primary authentication server, and HWTACACS server 129.7.66.67 as the secondary
authentication server.
huawei(config)#hwtacacs-server template test-login
Create a new HWTACACS-server template
huawei(config-hwtacacs-test-login)#hwtacacs-server authentication 129.7.66.66 1812
huawei(config-hwtacacs-test-login)#hwtacacs-server authentication 129.7.66.67 1812
secondary
huawei(config-hwtacacs-test-login)#quit
Step 3 Create a domain named isp1.
huawei(config)#aaa
huawei(config-aaa)#domain isp1
Info: Create a new domain
Step 4 Use the authentication scheme login-auth.
You can use an authentication scheme in a domain only after the authentication scheme is
created.
huawei(config-aaa-domain-isp1)#authentication-scheme login-auth
Step 5 Bind the HWTACACS server template test-login to the user.
You can use a HWTACACS server template in a domain only after the HWTACACS server
template is created.
huawei(config-aaa-domain-isp1)#hwtacacs-server test-login
Step 6 Configure the authentication mode of the management user.
In the global config mode, run the terminal user authentication-mode command to configure
the authentication of the management user to remote AAA.
huawei(config)#terminal user authentication-mode aaa isp1
Step 7 (Optional) Configure the local management user of the device.
If the HWTACACS server is unreachable, local authentication can be used to log in to the system.
If the HWTACACS server is reachable, none of the management users can log in to the system
through local authentication, except the root user.
Ensure that the user name and password of the local management user are the same as those
specified on the HWTACACS server. Otherwise, login to the system fails.
Issue 04 (2011-10-30)
NOTE
l A domain is a group of users of the same type.
l When the user name is in the format of userid@domain-name (for example,
huawei20041028@isp1.net), "domain-name" followed by "@" is the domain name, and "userid" is
the user name used for authentication.
l The common domain name for login cannot exceed 15 characters, and the domain name for 802.1x
authentication cannot exceed 20 characters.
NOTE
l Only the root user can run this command.
l After the authentication of the management user is configured to remote AAA, the system prefers
RADIUS authentication (the root user is still forcible local authentication).
CAUTION
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 Basic Configuration
109
Hide quick links:
Advertisement
Table of Contents
