Configuring the Local AAA

This topic describes how to configure the local AAA so that the user authentication can be performed locally.


 1The local AAA configuration is simple, which does not depend on the external server.

2. The local AAA supports only authentication.


 Step 1 Configure the AAA authentication scheme.

  1. Run the aaa command to enter the AAA mode.
  2. Run the authentication-scheme command to add an authentication scheme.
  3. Run the authentication-mode local command to configure the authentication mode of the authentication scheme.
  4. Run the quit command to return to the AAA mode.

Step 2 Create a domain.

  1. In the AAA mode, run the domain command to create a domain.

Step 3 Refer the authentication scheme.

  1. In the domain mode, run the authentication-scheme command to reference the authentication scheme.
  2. Run the quit command to return to the AAA mode.

Step 4 Configure a local user.

In the AAA mode, run the local-user username service-type command to create a local AAA user.



User1 in the isp domain adopts the local server for authentication. The authentication scheme is

newscheme, the password is a123456, do as follows:


huawei(config-aaa)#authentication-scheme newscheme

Info: Create a new authentication scheme

huawei(config-aaa-authen-newscheme)#authentication-mode local


huawei(config-aaa)#domain isp

Info: Create a new domain

huawei(config-aaa-domain-isp)#authentication-scheme newscheme


huawei(config-aaa)#local-user user1@isp service-type terminal password a123456

Be the first to comment

Leave a Reply

Your email address will not be published.