In the user name format userid@domain-name (for example, huawei20041028@huawei.net),
"userid" indicates the user name for authentication and "domain-name" followed by "@"
indicates the domain name.
The domain name for user login cannot exceed 15 characters, and the other domain names cannot
exceed 20 characters.
1. Run the aaa command to enter the AAA mode.
2. In the AAA mode, run the domain command to create a domain.
Step 6 Use the authentication scheme.
You can use an authentication scheme in a domain only after the authentication scheme is
created.
In the domain mode, run the authentication-scheme command to use the authentication scheme.
Step 7 Use the accounting scheme.
You can use an accounting scheme in a domain only after the accounting scheme is created.
In the domain mode, run the accounting-scheme command to use the accounting scheme.
Step 8 Use the authorization scheme.
You can use an authorization scheme in a domain only after the authorization scheme is created.
In the domain mode, run the authorization-mode command to use the authorization scheme.
Step 9 Use the HWTACACS server template.
You can use an HWTACACS server template in a domain only after the HWTACACS server
template is created.
1. In the domain mode, run the hwtacacs-server command to use the HWTACACS server
template.
2. Run the quit command to return to the AAA mode.
----End
Example
User1 in the isp domain adopts the HWTACACS protocol for authentication, authorization, and
accounting. The accounting interval is 10 minutes, the authentication password is a123456,
HWTACACS server 10.10.66.66 functions as the primary authentication, authorization, and
accounting server, and HWTACACS server 10.10.66.67 functions as the standby authentication,
authorization, and accounting server. On the HWTACACS server, the parameters adopt the
default values. To perform the preceding configuration, do as follows:
huawei(config)#aaa
huawei(config-aaa)#authentication-scheme newscheme
huawei(config-aaa-authen-newscheme)#authentication-mode hwtacacs
huawei(config-aaa-authen-newscheme)#quit
huawei(config-aaa)#authorization-scheme newscheme
huawei(config-aaa-author-newscheme)#authorization-mode hwtacacs
huawei(config-aaa-author-newscheme)#quit
huawei(config-aaa)#accounting-scheme newscheme
huawei(config-aaa-accounting-newscheme)#accounting-mode hwtacacs
huawei(config-aaa-accounting-newscheme)#accounting interim interval 10
SmartAX MA5600T/MA5603T/MA5608T Multi-service
Access Module
Commissioning and Configuration Guide
2 Basic Configurations
Issue 01 (2014-04-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
243
To Next Page
Loading...
Need help?
General
