Huawei Quidway S3900 Series Operation Manual page 498
Hide thumbs
Also See for Quidway S3900 Series:
- Specifications (9 pages) ,
- Installation manual (95 pages) ,
- Command manual (1159 pages)
Table of Contents
Advertisement
Operation Manual – AAA & RADIUS & HWTACACS & EAD
Quidway S3900 Series Ethernet Switches-Release 1510
Operation
Configure
scheme for the ISP
domain
Configure an RADIUS
scheme for the ISP
domain
Caution:
You can execute the scheme command with the radius-scheme-name argument to
adopt an already configured RADIUS scheme to implement all the three AAA
functions. If you adopt the local scheme, only the authentication and authorization
functions are implemented, the accounting function cannot be implemented.
If you execute the scheme radius-scheme radius-scheme-name local command,
the local scheme becomes the secondary scheme in case the RADIUS server does
not response normally. That is, if the communication between the switch and the
RADIUS server is normal, no local authentication is performed; otherwise, local
authentication is performed.
If you execute the scheme hwtacacs-scheme radius-scheme-name local
command, the local scheme becomes the secondary scheme in case the TACACS
server does not respond normally. That is, if the communication between the switch
and the TACACS server is normal, no local authentication is performed; otherwise,
local authentication is performed.
If you adopt local or none as the primary scheme, the local authentication is
performed or no authentication is performed. In this case, you cannot perform
RADIUS authentication at the same time.
II. Configuring separate AAA schemes
You can use the authentication, authorization, and accounting commands to
specify a scheme for each of the three AAA functions (authentication, authorization and
accounting) respectively. The following gives the implementations of this separate way
for the services supported by AAA.
For terminal users
Authentication: RADIUS, local, RADIUS-local or none.
scheme
an
AAA
radius-scheme
radius-scheme-name [ local ] |
hwtacacs-scheme
hwtacacs-scheme-name [ local ] }
radius-scheme
radius-scheme-name
Huawei Technologies Proprietary
1-17
Chapter 1 AAA & RADIUS & HWTACACS
Command
{
local
|
none
Configuration
Description
Required
|
By default, the ISP
domain uses the
local
AAA
scheme.
Optional
This command has
the same effect as
the
scheme
radius-scheme
command.
- Quick Links:
- Switch Models
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
