Configuring AAA Schemes

Configuring AAA schemes involves the configurations of the authentication scheme, authorization scheme, and accounting scheme.

Context

Configuring AAA schemes involves the following configurations:

Procedure

  • Configure an authentication scheme.
    1. Run system-view

      The system view is displayed.

    2. Run aaa

      The AAA view is displayed.

    3. Run authentication-scheme scheme-name

      The authentication scheme is created, and the authentication scheme view is displayed.

      A maximum of 32 authentication schemes can be configured.

    4. Run authentication-mode { hwtacacs | radius | local } *

      The authentication mode is configured.

      The parameter radius is supported only on the Admin-VS.

      If multiple authentication modes are configured in an authentication scheme, authentication modes are used in the sequence in which they were configured.

      The next authentication mode can be used only when the current authentication mode does not respond (for example, the server does not respond). If the authentication is successful or fails, the next authentication mode will not be used.

    5. Run commit

      The configuration is committed.

  • Configure an authorization scheme.
    1. Run system-view

      The system view is displayed.

    2. Run aaa

      The AAA view is displayed.

    3. Run authorization-scheme authorization-scheme-name

      The authorization scheme is created, and the authorization scheme view is displayed.

      A maximum of 32 authorization schemes can be configured.

    4. Run authorization-mode authorization-mode1 [ authorization-mode2 [ authorization-mode3 [ authorization-mode4 ] ] ]

      The authorization mode is configured.

      If multiple authorization modes are configured in an authorization scheme, authorization modes are used in the sequence in which they were configured.

      The next authorization mode can be used only when the current authorization mode provides no response (for example, the server provides no response). If the authorization is successful or fails, the next authorization mode will not be used.

    5. Run commit

      The configuration is committed.

  • Configure an accounting scheme.
    1. Run system-view

      The system view is displayed.

    2. Run aaa

      The AAA view is displayed.

    3. Run accounting-scheme acct-scheme-name

      The accounting scheme is created, and the accounting scheme view is displayed.

      A maximum of 256 accounting schemes can be configured.

    4. Run accounting-mode { hwtacacs | radius | none }

      The accounting mode is configured.

      The parameter radius is supported only on the Admin-VS.

    5. Run commit

      The configuration is committed.

Follow-up Procedure

Implement one of the following configurations according to the configured authentication, authorization, and accounting modes.

Parent Topic: Configuring AAA
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >