huawei(config-aaa-accounting-newscheme)#quit
huawei(config)#hwtacacs-server template hwtest
huawei(config-hwtacacs-hwtest)#hwtacacs-server authentication 10.10.66.66
huawei(config-hwtacacs-hwtest)#hwtacacs-server authentication 10.10.66.67
secondary
huawei(config-hwtacacs-hwtest)#hwtacacs-server authorization 10.10.66.66
huawei(config-hwtacacs-hwtest)#hwtacacs-server authorization 10.10.66.67 secondary
huawei(config-hwtacacs-hwtest)#hwtacacs-server accounting 10.10.66.66
huawei(config-hwtacacs-hwtest)#hwtacacs-server accounting 10.10.66.67 secondary
huawei(config-hwtacacs-hwtest)#quit
huawei(config)#aaa
huawei(config-aaa)#domain isp
huawei(config-aaa-domain-isp)#authentication-scheme newscheme
huawei(config-aaa-domain-isp)#authorization-scheme newscheme
huawei(config-aaa-domain-isp)#accounting-scheme newscheme
huawei(config-aaa-domain-isp)#hwtacacs-server hwtest
huawei(config-aaa-domain-isp)#quit
2.4.5 Configuration Example of the HWTACACS Authentication
(802.1X access user)
The MA5600T/MA5603T/MA5608T is interconnected with the HWTACACS server through
the HWTACACS protocol to implement authentication, authorization, and accounting.
Service Requirements
l The HWTACACS server performs authentication, authorization, and accounting for
802.1X access users.
l The user logs in to the server carrying the domain name.
l The HWTACACS server with the IP address 10.10.66.66 functions as the primary server
for authentication, authorization, and accounting.
l The HWTACACS server with the IP address 10.10.66.67 functions as the secondary server
for authentication, authorization, and accounting.
l Other parameters adopt the default settings.
Networking
Figure 2-3 shows an example network of the HWTACACS authentication.
SmartAX MA5600T/MA5603T/MA5608T Multi-service
Access Module
Commissioning and Configuration Guide 2 Basic Configurations
Issue 01 (2014-04-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
244
To Next Page
Loading...
Need help?
General
