Operation Manual – AAA & RADIUS & HWTACACS & EAD
Quidway S3900 Series Ethernet Switches-Release 1510
Chapter 1 AAA & RADIUS & HWTACACS
Configuration
Huawei Technologies Proprietary
1-47
II. Network diagram
Authentication server
( IP address:10.110.91.164 )
Internet
Switch
Telnet user
Internet
Authentication server
( IP address:10.110.91.164 )
Internet
Switch
Authentication server
( IP address:10.110.91.164 )
Internet
Switch
Telnet user
Internet
Figure 1-9 Remote authentication and authorization of Telnet users
III. Configuration procedure
# Add a Telnet user.
Omitted here
# Configure a HWTACACS scheme.
<Quidway> system-view
[Quidway] hwtacacs scheme hwtac
[Quidway-hwtacacs-hwtac] primary authentication 10.110.91.164 49
[Quidway-hwtacacs-hwtac] primary authorization 10.110.91.164 49
[Quidway-hwtacacs-hwtac] key authentication expert
[Quidway-hwtacacs-hwtac] key authorization expert
[Quidway-hwtacacs-hwtac] user-name-format without-domain
[Quidway-hwtacacs-hwtac] quit
# Configure the domain name of the HWTACACS scheme to hwtac.
[Quidway] domain hwtacacs
[Quidway-isp-hwtacacs] scheme hwtacacs-scheme hwtac
1.8 Troubleshooting AAA & RADIUS & HWTACACS
Configuration
1.8.1 Troubleshooting the RADIUS Protocol
The RADIUS protocol is at the application layer in the TCP/IP protocol suite. This
protocol prescribes how the switch and the RADIUS server of the ISP exchange user
information with each other.
Symptom 1: User authentication/authorization always fails.
To Next Page
Loading...
Need help?
General