The MA5600/MA5600T allows the management user of the device to log in to the system through HWTACACS authentication.
Configure the authentication scheme.
Configure an authentication scheme named login-auth (users are authenticated through HWTACACS).
huawei(config)#aaa
huawei(config-aaa)#authentication-scheme login-auth
huawei(config-aaa-authen-login-auth)#authentication-mode hwtacacs
huawei(config-aaa-authen-login-auth)#quit
Configure the HWTACACS protocol.
Create an HWTACACS server template named ma56t-login, with HWTACACS server 10.10.66.66 as the primary authentication server and HWTACACS server 10.10.66.67 as the secondary authentication server.
huawei(config)#hwtacacs-server template ma56t-login
Create a new HWTACACS-server template
huawei(config-hwtacacs-ma56t-login)#hwtacacs-server authentication 10.10.66.66 1812
huawei(config-hwtacacs-ma56t-login)#hwtacacs-server authentication 10.10.66.67 1812 secondary
huawei(config-hwtacacs-ma56t-login)#quit
Create a domain named isp1.
NOTE:
A domain is a group of users of the same type.
In the user name format userid@domain-name (for example, huawei20041028@huawei.net), "userid" indicates the user name for authentication and "domain-name", which follows "@", indicates the domain name.
The domain name for user login cannot exceed 15 characters, and the other domain names cannot exceed 20 characters.
huawei(config)#aaa
huawei(config-aaa)#domain isp1
Info: Create a new domain
Use the authentication scheme login-auth.
You can use an authentication scheme in a domain only after the authentication scheme is created.
huawei(config-aaa-domain-isp1)#authentication-scheme login-auth
Bind the HWTACACS server template ma56t-login to the user.
You can use an HWTACACS server template in a domain only after the HWTACACS server template is created.
huawei(config-aaa-domain-isp1)#hwtacacs-server ma56t-login
huawei(config)#aaa
huawei(config-aaa)#authentication-scheme login-auth
huawei(config-aaa-authen-login-auth)#authentication-mode hwtacacs
huawei(config-aaa-authen-login-auth)#quit
huawei(config-aaa)#quit
huawei(config)#hwtacacs-server template ma56t-login
huawei(config-hwtacacs-ma56t-login)#hwtacacs-server authentication 10.10.66.66 1812
huawei(config-hwtacacs-ma56t-login)#hwtacacs-server authentication 10.10.66.67 1812 secondary
huawei(config-hwtacacs-ma56t-login)#quit
huawei(config)#aaa
huawei(config-aaa)#domain isp1
huawei(config-aaa-domain-isp1)#authentication-scheme login-auth
huawei(config-aaa-domain-isp1)#hwtacacs-server ma56t-login
huawei(config-aaa-domain-isp1)#quit
huawei(config-aaa)#quit
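An added example, not part of the original procedure or Huawei's own tooling: a Python check that replays the command sequence above (prompts stripped) and flags a domain that references an authentication scheme or HWTACACS server template not yet created, or a login domain name over 15 characters. The audit function, its finding strings and the ";"-separated input format are assumptions of this example.

```python
import re

LOGIN_DOMAIN_MAX = 15  # login domain name limit stated in the NOTE above

# Constructed input: this page's commands, prompts stripped, ';' or newline separated.
SAMPLE = """aaa; authentication-scheme login-auth; authentication-mode hwtacacs; quit; quit
hwtacacs-server template ma56t-login
hwtacacs-server authentication 10.10.66.66 1812
hwtacacs-server authentication 10.10.66.67 1812 secondary; quit
aaa; domain isp1; authentication-scheme login-auth; hwtacacs-server ma56t-login; quit; quit"""

def audit(config):
    """Replay the commands and return findings about missing or mis-ordered AAA objects."""
    schemes, templates, findings = {}, {}, []
    stack = []  # nested CLI views, e.g. [("aaa", None), ("domain", "isp1")]
    for raw in re.split(r"[;\n]", config):
        cmd = raw.split()
        if not cmd:
            continue
        view, name = stack[-1] if stack else ("config", None)
        if cmd[0] == "quit":
            if stack:
                stack.pop()
        elif view == "config" and cmd == ["aaa"]:
            stack.append(("aaa", None))
        elif view == "config" and cmd[:2] == ["hwtacacs-server", "template"]:
            templates.setdefault(cmd[2], [])
            stack.append(("template", cmd[2]))
        elif view == "template" and cmd[:2] == ["hwtacacs-server", "authentication"]:
            templates[name].append(cmd[2])  # record each server address
        elif view == "aaa" and cmd[0] == "authentication-scheme":
            schemes.setdefault(cmd[1], None)
            stack.append(("scheme", cmd[1]))
        elif view == "scheme" and cmd[0] == "authentication-mode":
            schemes[name] = cmd[1]
        elif view == "aaa" and cmd[0] == "domain":
            if len(cmd[1]) > LOGIN_DOMAIN_MAX:
                findings.append(f"domain {cmd[1]}: name exceeds {LOGIN_DOMAIN_MAX} characters")
            stack.append(("domain", cmd[1]))
        elif view == "domain" and cmd[0] == "authentication-scheme":
            if schemes.get(cmd[1]) != "hwtacacs":
                findings.append(f"domain {name}: scheme {cmd[1]} missing or not in hwtacacs mode")
        elif view == "domain" and cmd[0] == "hwtacacs-server":
            if not templates.get(cmd[1]):
                findings.append(f"domain {name}: template {cmd[1]} missing or has no server")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```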