Operation Manual – AAA&RADIUS
Quidway S3100 Series Ethernet Switches Chapter 1
AAA&RADIUS Configuration
Huawei Technologies Proprietary
1-33
III. Configuration procedure
Method 1: Using a local authentication scheme
# Enter system view.
<Quidway> system-view
System View: return to User View with Ctrl+Z.
[Quidway]
# Adopt AAA authentication for Telnet users.
[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] authentication-mode scheme
# Create and configure a local user named telnet.
[Quidway] local-user telnet
[Quidway-luser-telnet] service-type telnet
[Quidway-luser-telnet] password simple huawei
[Quidway-luser-telnet] attribute idle-cut 300 access-limit 5
[Quidway] domain system
[Quidway-isp-system] scheme local
A Telnet user logging into the switch with the name telnet@system belongs to the
system domain and will be authenticated according to the configuration of the system
domain.
Method 2: using a local RADIUS server
This method is similar to the remote authentication method described in section
1.7.1 .
You only need to change the server IP address, the authentication password, and the
UDP port number for authentication service in configuration step "Configure a RADIUS
scheme" in section
1.7.1 to 127.0.0.1, huawei, and 1645 respectively, and configure
local users.
1.8 Troubleshooting AAA&RADIUS Configuration
The RADIUS protocol is at the application layer in the TCP/IP protocol suite. This
protocol prescribes how the switch and the RADIUS server of the ISP exchange user
information with each other.
Symptom 1: User authentication/authorization always fails.
Possible reasons and solutions:
z The user name is not in the userid@isp-name format, or no default ISP domain is
specified on the switch — Use the correct user name format, or set a default ISP
domain on the switch.
z The user is not configured in the database of the RADIUS server — Check the
database of the RADIUS server, make sure that the configuration information
about the user exists.
To Next Page
Loading...
Need help?
General