Configuration of the HWTACACS Authentication (Management User)-HUAWEI

*******HWTACACS Authentication (Management User)********

  1. Configure the authentication scheme.Configure authentication scheme named login-auth (users are authenticated through HWTACACS).
    OLT(config)#aaa
    OLT(config-aaa)#authentication-scheme login-auth
    OLT(config-aaa-authen-login-auth)#authentication-mode hwtacacs
    OLT(config-aaa-authen-login-auth)#quit
  2. Configure the HWTACACS protocol.Create HWTACACS server template named ma56t-login with HWTACACS server 129.7.66.66 as the primary authentication server, and HWTACACS server 129.7.66.67 as the secondary authentication server.
    OLT(config)#hwtacacs-server template ma56t-login
      Create a new HWTACACS-server template
    OLT(config-hwtacacs-ma56t-login)#hwtacacs-server authentication 129.7.66.66 1812
    OLT(config-hwtacacs-ma56t-login)#hwtacacs-server authentication 129.7.66.67 1812 secondary
    OLT(config-hwtacacs-ma56t-login)#quit
    
  3. Create a domain named isp1.

     NOTE:

    • A domain is a group of users of the same type.
    • In the user name format userid@domain-name (for example, huawei20041028@huawei.net), “userid” indicates the user name for authentication and “domain-name” followed by “@” indicates the domain name.
    • The domain name for user login cannot exceed 15 characters, and the other domain names cannot exceed 20 characters.
    OLT(config)#aaa
    OLT(config-aaa)#domain isp1
      Info: Create a new domain
  4. Use the authentication scheme login-auth. You can use an authentication scheme in a domain only after the authentication scheme is created.
    OLT(config-aaa-domain-isp1)#authentication-scheme login-auth
  5. Bind the HWTACACS server template ma56t-login to the user.You can use a HWTACACS server template in a domain only after the HWTACACS server template is created.
    OLT(config-aaa-domain-isp1)#hwtacacs-server ma56t-login

                                                                                          ******END*****

Be the first to comment

Leave a Reply

Your email address will not be published.


*


For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

I agree to these terms.