AAA Config Difference

Created Jan 05, 2018 11:09:16  Latest reply Jun 01, 2018 15:48:03
Hi All,


In AAA configuration, I usually use "local-user", but I saw "remote-aaa-user, remote-user, local-aaa-user" and would like to know what the differences and functions are.


TQVM. This post was last edited by W_Zer0 at 2018-1-5 11:25.

gululu  Admin   Created Jan 05, 2018 13:47:16 Helpful(0)

Please wait for help!

Come on!
r84092779  Moderator   Created Mar 22, 2018 20:32:14 Helpful(0)

Hello,

Which equipment model are you referring to?

WheatGrass  Novice   Created Jun 01, 2018 12:15:35 Helpful(1)

Authentication, Authorization, and Accounting (AAA) is used on AAA-capable devices to verify user identities and assign rights to authorized users.

Definition:
Authentication, Authorization, and Accounting (AAA) provides a user management mechanism and includes the following functions:

  • Authentication: verifies the identity of users for network access.
  • Authorization: authorizes users to use particular services.
  • Accounting: records the network resources used by users.

For your reference, please kindly refer to the link below:

Users can only use one or more security services provided by AAA. For example, if a company wants to authenticate employees that access certain network resources, the network administrator only needs to configure an authentication server. If the company also wants to record operations performed by employees on the network, an accounting server is needed. In summary, AAA authorizes users to access specific resources and records user operations.

AAA is widely used because it features good scalability and facilitates centralized user information management. AAA can be implemented using multiple protocols, such as Remote Authentication Dial-In User Service (RADIUS) and Huawei Terminal Access Controller Access Control System (HWTACACS). RADIUS is most widely used.

Purpose:

AAA prevents unauthorized users from logging in to a device and improves system security.

The local-user command creates a local user and sets parameters of the local user.
The undo local-user command deletes a local user.
By default, the local user admin exists in the system. The password of the user is admin@huawei.com, the irreversible encryption algorithm is used, the level is none, and service type is http.

You can refer to the link below:

The remote-aaa-user authen-fail command enables the remote AAA authentication account locking function, and sets the authentication retry interval, maximum number of consecutive authentication failures, and account locking period.
The undo remote-aaa-user authen-fail command disables the remote AAA authentication account locking function.
By default, the remote AAA account locking function is enabled, authentication retry interval is 30 minutes, maximum number of consecutive authentication failures is 30, and account locking period is 30 minutes.

You can refer to the link below:

The remote-user authen-fail unblock command unlocks remote AAA authentication accounts.

You can refer to the link below:

The local-aaa-user password policy access-user command enables the password policy for local access users and enters the local access user password policy view.
The undo local-aaa-user password policy access-user command disables the password policy of local access users.
By default, the password policy of local access users is disabled.


For AAA Commands, please see below:
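
The defaults described in the answer above decide what a missing line means: remote AAA account locking is on unless an `undo` line appears, while the access-user password policy is off unless it is configured. The following is an added example, not part of the original post or of Huawei's documentation, that resolves those effective states from a saved configuration. The sample configuration is constructed, and the `retry-interval`, `retry-time` and `block-time` keyword names and the line layout are assumptions not shown on this page.

```python
import re

# Defaults as stated in the post: 30 min interval, 30 failures, 30 min lock.
REMOTE_LOCK_DEFAULT = {"retry-interval": 30, "retry-time": 30, "block-time": 30}
PARAM_RE = re.compile(r"(retry-interval|retry-time|block-time)\s+(\d+)")  # assumed keywords

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
aaa
 undo remote-aaa-user authen-fail
 local-user admin password irreversible-cipher PLACEHOLDER_HASH
 local-user admin service-type http
 local-user netops password irreversible-cipher PLACEHOLDER_HASH
 local-user netops service-type ssh
"""

def audit_aaa(config: str) -> dict:
    """Resolve the effective state of the AAA settings named in the thread."""
    lockout = dict(REMOTE_LOCK_DEFAULT)   # enabled by default
    policy = False                        # disabled by default
    users = []
    for ln in (raw.strip() for raw in config.splitlines()):
        if ln.startswith("undo remote-aaa-user authen-fail"):
            lockout = None
        elif ln.startswith("remote-aaa-user authen-fail"):
            # Parameters not given on the line keep the stated defaults.
            lockout = dict(REMOTE_LOCK_DEFAULT)
            lockout.update({k: int(v) for k, v in PARAM_RE.findall(ln)})
        elif ln.startswith("undo local-aaa-user password policy access-user"):
            policy = False
        elif ln.startswith("local-aaa-user password policy access-user"):
            policy = True
        elif (m := re.match(r"local-user (\S+)\s", ln)) and m.group(1) not in users:
            users.append(m.group(1))
    findings = []
    if lockout is None:
        findings.append("remote AAA account locking is disabled")
    if not policy:
        findings.append("local access-user password policy is disabled")
    if "admin" in users:
        # The stored hash is irreversible, so this can only prompt a manual check.
        findings.append("default local user 'admin' exists; confirm its default password was changed")
    return {"remote_lockout": lockout, "password_policy": policy,
            "local_users": users, "findings": findings}

if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE_CONFIG)["findings"]:
        print("FINDING:", finding)
```
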

Cybertan     Created Jun 01, 2018 15:48:03 Helpful(0)

Good, very good