Operation Manual – AAA & RADIUS & HWTACACS & EAD
Quidway S3900 Series Ethernet Switches-Release 1510
Chapter 1 AAA & RADIUS & HWTACACS
Configuration
Huawei Technologies Proprietary
1-17
Operation Command Description
Configure an AAA
scheme for the ISP
domain
scheme { local | none |
radius-scheme
radius-scheme-name [ local ] |
hwtacacs-scheme
hwtacacs-scheme-name [ local ] }
Required
By default, the ISP
domain uses the
local AAA
scheme.
Configure an RADIUS
scheme for the ISP
domain
radius-scheme
radius-scheme-name
Optional
This command has
the same effect as
the scheme
radius-scheme
command.
Caution:
z You can execute the scheme command with the radius-scheme-name argument to
adopt an already configured RADIUS scheme to implement all the three AAA
functions. If you adopt the local scheme, only the authentication and authorization
functions are implemented, the accounting function cannot be implemented.
z If you execute the scheme radius-scheme radius-scheme-name local command,
the local scheme becomes the secondary scheme in case the RADIUS server does
not response normally. That is, if the communication between the switch and the
RADIUS server is normal, no local authentication is performed; otherwise, local
authentication is performed.
z If you execute the scheme hwtacacs-scheme radius-scheme-name local
command, the local scheme becomes the secondary scheme in case the TACACS
server does not respond normally. That is, if the communication between the switch
and the TACACS server is normal, no local authentication is performed; otherwise,
local authentication is performed.
z If you adopt local or none as the primary scheme, the local authentication is
performed or no authentication is performed. In this case, you cannot perform
RADIUS authentication at the same time.
II. Configuring separate AAA schemes
You can use the authentication, authorization, and accounting commands to
specify a scheme for each of the three AAA functions (authentication, authorization and
accounting) respectively. The following gives the implementations of this separate way
for the services supported by AAA.
z For terminal users
Authentication: RADIUS, local, RADIUS-local or none.
To Next Page
Loading...
