The system supports up to 16 authentication schemes. The system has a default authentication
scheme named default. It can be modified, but cannot be deleted.
1. Run the aaa command to enter the AAA mode.
2. Run the authentication-scheme command to add an authentication scheme.
3. Run the authentication-mode local command to configure the authentication mode of the
authentication scheme. Use the HWTACACS protocol to authenticate users.
4. Run the quit command to return to the AAA mode.
Step 2 Configure the AAA authorization scheme.
The authorization scheme specifies how all the users in an ISP domain are authorized.
1. In the AAA mode, run the authorization-scheme command to add an AAA authorization
scheme.
2. Run the authorization-mode hwtacacs command to configure the authorization mode.
3. Run the quit command to return to the AAA mode.
4. Run the quit command to return to the global config mode.
Step 3 Configure the AAA accounting scheme.
The accounting scheme specifies how all the users in an ISP domain are charged.
The system supports up to 128 accounting schemes. The system has a default accounting scheme
named default. It can be modified, but cannot be deleted.
1. In the AAA mode, run the accounting-scheme command to add an AAA accounting
scheme.
2. Run the accounting-mode hwtacacs command to configure the accounting mode. By
default, accounting is not performed.
3. Run the accounting interim interval command to set the interval of real-time accounting.
By default, the interval is 0 minutes, that is, real-time accounting is not performed.
4. Run the quit command to return to the AAA mode.
Step 4 Configure the HWTACACS protocol.
On the MA5600T/MA5603T/MA5608T, the HWTACACS protocol is configured on the basis of
the HWTACACS server group. In actual networking scenarios, an HWTACACS
server group can be an independent HWTACACS server or a combination of two HWTACACS
servers, that is, a primary server and a secondary server with the same configuration but different
IP addresses.
Each HWTACACS server template contains the primary/secondary server IP address, shared
key, and HWTACACS server type.
Primary and secondary authentication, accounting, and authorization servers can be configured.
The IP address of the primary server, however, must be different from that of the secondary
server. Otherwise, the configuration of primary and secondary servers will fail. By default, the
IP addresses of the primary and secondary servers are both 0.0.0.0.
1. Run the hwtacacs-server template command to create an HWTACACS server template
and enter the HWTACACS server template mode.
2. Run the hwtacacs-server authentication command to configure a primary authentication
server. You can select secondary to configure a secondary authentication server.
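The following Python check is an added example, not part of the Huawei guide. It reviews a planned command list against the constraints stated above: the scheme limits, accounting left at its defaults, and primary/secondary server addresses that are equal or still 0.0.0.0. The argument layout of each command, the authorization and accounting server roles, and the names ops-auth, ops-acct and ops-tpl are assumptions made for illustration.

```python
import ipaddress

MAX_AUTH, MAX_ACCT = 16, 128          # scheme limits stated in the guide
ROLES = {"authentication", "authorization", "accounting"}

def lint_aaa(lines):
    """Return findings for a planned command list; malformed values raise ValueError."""
    auth, acct, servers = {"default"}, {}, {}
    template = scheme = None          # template / accounting scheme being edited
    for tok in (l.split() + [""] * 3 for l in lines if l.strip()):
        if tok[0] == "quit":
            template = scheme = None
        elif tok[0] == "authentication-scheme" and tok[1]:
            auth.add(tok[1])
        elif tok[0] == "accounting-scheme" and tok[1]:
            scheme = tok[1]
            acct.setdefault(scheme, {"mode": None, "interval": 0})
        elif tok[0] == "accounting-mode" and scheme:
            acct[scheme]["mode"] = tok[1]
        elif tok[:3] == ["accounting", "interim", "interval"] and scheme:
            acct[scheme]["interval"] = int(tok[3])
        elif tok[:2] == ["hwtacacs-server", "template"]:
            template = tok[2]
        elif tok[0] == "hwtacacs-server" and tok[1] in ROLES and template:
            slot = "secondary" if "secondary" in tok else "primary"
            servers.setdefault((template, tok[1]), {})[slot] = tok[2]
    findings = []
    if len(auth) > MAX_AUTH or len(set(acct) | {"default"}) > MAX_ACCT:
        findings.append(f"scheme count exceeds {MAX_AUTH} authentication / {MAX_ACCT} accounting")
    for name, cfg in acct.items():
        if cfg["mode"] is None:
            findings.append(f"accounting scheme {name}: no accounting-mode, accounting is not performed")
        elif cfg["interval"] == 0:
            findings.append(f"accounting scheme {name}: interval 0, real-time accounting is off")
    for (tpl, role), ips in servers.items():
        for slot, ip in ips.items():
            if ipaddress.ip_address(ip).is_unspecified:
                findings.append(f"{tpl} {role} {slot}: 0.0.0.0 is the unconfigured default")
        if "secondary" in ips and ips.get("primary") == ips["secondary"]:
            findings.append(f"{tpl} {role}: primary and secondary share {ips['primary']}")
    return findings

# Constructed plan: names and addresses are made up (192.0.2.0/24 is documentation space).
PLAN = [
    "aaa", "authentication-scheme ops-auth", "quit",
    "accounting-scheme ops-acct", "accounting-mode hwtacacs", "quit", "quit",
    "hwtacacs-server template ops-tpl",
    "hwtacacs-server authentication 192.0.2.10",
    "hwtacacs-server authentication 192.0.2.10 secondary",
]
```

Calling lint_aaa(PLAN) reports the accounting scheme whose interim interval is still 0 and the template whose primary and secondary authentication servers share one address.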
SmartAX MA5600T/MA5603T/MA5608T Multi-service
Access Module
Commissioning and Configuration Guide
2 Basic Configurations
Issue 01 (2014-04-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.