
Authentication/Authorization/Accounting Scheme

Procedure

  • Configure an authentication scheme.

    • Create an authentication scheme.
      1. Choose Configuration > Security Services > AAA and click the Authentication/Authorization/Accounting Scheme tab, as shown in Figure 1.
        Figure 1 Authentication/Authorization/Accounting scheme

      2. Click Create in Authentication Scheme List to open the Create Authentication Scheme page, as shown in Figure 2.
        Figure 2 Create Authentication Scheme

        Table 1 describes the parameters on the page.
        Table 1 Parameters on the Create Authentication Scheme page

        | Item | Description |
        | --- | --- |
        | Authentication scheme name | Specifies the name of an authentication scheme. |
        | First authentication | The value can be RADIUS, HWTACACS, Local, or Non-authentication. |
        | Second authentication | The value can be a mode except the first authentication mode. When the authentication server of the first authentication mode does not respond, the second authentication mode is triggered. When the first authentication mode is no authentication, the second authentication mode cannot be configured. |
        | Third authentication | The value can be a mode except the first and second authentication modes. When the authentication servers of the first and second authentication modes do not respond, the third authentication mode is triggered. When the second authentication mode is no authentication or not configured, the third authentication mode cannot be configured. |
        | Fourth authentication | The value can be no authentication or not configured. When the authentication servers of the first, second, and third authentication modes do not respond, the fourth authentication mode is triggered. When the third authentication mode is no authentication or not configured, the fourth authentication mode cannot be configured. |
        | After authentication is switched to local | Specifies whether to configure the device to send accounting packets after an accounting server is configured but local authentication is triggered because the authentication server does not respond. Typically, a server functions as both the remote accounting server and the authentication server. If the authentication server does not respond, the accounting server also does not respond. When accounting and authentication + local authentication are configured on a device, a user is authenticated using the local authentication mode after the server does not respond to the user's authentication request. Because the accounting server also does not respond, after the user is authenticated using the local authentication mode, the device still sends accounting packets. As a result, the user goes offline because of accounting-start failures. To prevent this issue, the device does not send accounting packets by default when a user is authenticated using the local authentication mode after the server does not respond to the user's authentication request. This configuration item is supported only when local authentication mode is available. |

        If non-authentication is configured, a user passes the authentication using any user name or password. Therefore, to protect the device or network security, you are advised to enable authentication, allowing only the authenticated users to access the device or network.

      3. Set parameters for the authentication scheme.
      4. Click OK.
    • Modify the authentication scheme.
      1. Choose Configuration > Security Services > AAA and click the Authentication/Authorization/Accounting Scheme tab.
      2. Click the authentication scheme that you want to modify in Authentication Scheme List.
      3. Set parameters for the authentication scheme. Table 1 describes the parameters on the page.
      4. Click OK.

  • Configure an authorization scheme.

    • Create an authorization scheme.
      1. Choose Configuration > Security Services > AAA and click the Authentication/Authorization/Accounting Scheme tab.
      2. Click Create in Authorization Scheme List to open the Create Authorization Scheme page, as shown in Figure 3.
        Figure 3 Create Authorization Scheme

        Table 2 describes the parameters on the page.
        Table 2 Parameters on the Create Authorization Scheme page

        | Item | Description |
        | --- | --- |
        | Authorization scheme name | Specifies the name of an authorization scheme. |
        | First authorization | The value can be HWTACACS, If-authenticated, Local, or Non-authorization. |
        | Second authorization | The value can be a mode except the first authorization mode. When the authorization server of the first authorization mode does not respond, the second authorization mode is triggered. When the first authorization mode is no authorization, the second authorization mode cannot be configured. |
        | Third authorization | The value can be a mode except the first and second authorization modes. When the authorization servers of the first and second authorization modes do not respond, the third authorization mode is triggered. When the second authorization mode is no authorization or not configured, the third authorization mode cannot be configured. |
        | Fourth authorization | The value can be no authorization or not configured. When the authorization servers of the first, second, and third authorization modes do not respond, the fourth authorization mode is triggered. When the third authorization mode is no authorization or not configured, the fourth authorization mode cannot be configured. |

      3. Set parameters for the authorization scheme.
      4. Click OK.
    • Modify the authorization scheme.
      1. Choose Configuration > Security Services > AAA and click the Authentication/Authorization/Accounting Scheme tab.
      2. Click the authorization scheme that you want to modify in Authorization Scheme List.
      3. Modify parameters for the authorization scheme. Table 2 describes the parameters on the page.
      4. Click OK.

  • Configure the accounting scheme.

    • Create an accounting scheme.
      1. Choose Configuration > Security Services > AAA and click the Authentication/Authorization/Accounting Scheme tab.
      2. Click Create in Accounting Scheme List to open the Create Accounting Scheme page, as shown in Figure 4.
        Figure 4 Create Accounting Scheme

        Table 3 describes the parameters on the page.
        Table 3 Parameters on the Create Accounting Scheme page

        | Item | Description |
        | --- | --- |
        | Accounting scheme name | Specifies the name of an accounting scheme. |
        | Accounting mode | Indicates the accounting mode: Non-accounting, RADIUS accounting, HWTACACS accounting. |

      3. Set parameters for the accounting scheme.
      4. Click OK.
    • Modify the accounting scheme.
      1. Choose Configuration > Security Services > AAA and click the Authentication/Authorization/Accounting Scheme tab.
      2. Click the accounting scheme that you want to modify in Accounting Scheme List.
      3. Modify parameters for the accounting scheme. Table 3 describes the parameters on the page.
      4. Click OK.
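
The ordering rules in Table 1 and the fallback they describe can be checked before a scheme is created. The following Python is an added example, not part of the original page or the device software: the function names are hypothetical, and it assumes that Local and Non-authentication always answer because they are evaluated on the device.

```python
# Added example: a model of the Table 1 rules, not device code. All names are hypothetical.
MODES = ("radius", "hwtacacs", "local", "none")  # "none" = Non-authentication
ON_DEVICE = ("local", "none")  # assumption: these need no server, so they always answer

def validate_chain(chain):
    """Return the Table 1 rule violations for an ordered list of authentication modes."""
    errors = []
    if not 1 <= len(chain) <= 4:
        errors.append("a scheme takes one to four authentication modes")
    for pos, mode in enumerate(chain, start=1):
        earlier = chain[:pos - 1]
        if mode not in MODES:
            errors.append(f"position {pos}: unknown mode {mode!r}")
        if mode in earlier:
            errors.append(f"position {pos}: {mode!r} is already used earlier")
        if "none" in earlier:
            errors.append(f"position {pos}: no mode can follow non-authentication")
        if pos == 4 and mode != "none":
            errors.append("position 4: only non-authentication is allowed")
    return errors

def deciding_mode(chain, responding):
    """Mode that handles a login; the next mode is tried only when a server does not respond."""
    for mode in chain:
        if mode in ON_DEVICE or mode in responding:
            return mode
    return None  # every configured server is silent and no on-device mode is configured

def audit(chain):
    """Rule violations plus the fail-open condition described in the note under Table 1."""
    findings = validate_chain(chain)
    if "none" in chain:
        where = "always" if chain[0] == "none" else "when the earlier modes do not respond"
        findings.append(f"non-authentication applies {where}: any user name or password passes")
    return findings

if __name__ == "__main__":
    # Constructed sample schemes, listed in first-to-fourth order.
    for chain in (["radius", "local"], ["radius", "hwtacacs", "none"], ["none", "local"]):
        print(chain, "->", audit(chain) or "ok")
    # Server outage: neither remote server answers, so the on-device mode decides.
    print(deciding_mode(["radius", "hwtacacs", "none"], responding=set()))
```

A chain that ends in Local keeps a credential check in place during a server outage, whereas a chain that ends in Non-authentication turns the same outage into open access.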

Copyright © Huawei Technologies Co., Ltd.