AAA Config Difference

Latest reply: Jun 1, 2018 07:48:03 1278 4 0 0
Hi All,


In AAA configuration, usually will using "local-user", but saw that "remote-aaa-user, remote-user, local-aaa-user", would like to know what's the difference and function.


TQVM. This post was last edited by W_Zer0 at 2018-01-05 03:25.
  • x
  • convention:

Admin Created Jan 5, 2018 05:47:16 Helpful(0) Helpful(0)

please wait for help!
  • x
  • convention:

Come on!
Created Mar 22, 2018 12:32:14 Helpful(0) Helpful(0)

Hello,

Which is the equipment model do you refer to?
  • x
  • convention:

Created Jun 1, 2018 04:15:35 Helpful(1) Helpful(1)

Authentication, Authorization, and Accounting (AAA) on AAA-capable devices to verify user identities and assign rights to authorized users.

Definition:
Authentication, Authorization, and Accounting (AAA) provides a user management mechanism and includes the following functions:

•Authentication: verifies the identity of users for network access.
•Authorization: authorizes users to use particular services.
•Accounting: records the network resources used by users.

For your reference, please kindly refer to the link below:

Users can only use one or more security services provided by AAA. For example, if a company wants to authenticate employees that access certain network resources, the network administrator only needs to configure an authentication server. If the company also wants to record operations performed by employees on the network, an accounting server is needed.In summary, AAA authorizes users to access specific resources and records user operations. 

AAA is widely used because it features good scalability and facilitates centralized user information management. AAA can be implemented using multiple protocols, such as Remote Authentication Dial-In User Service (RADIUS) and Huawei Terminal Access Controller Access Control System (HWTACACS). RADIUS is most widely used.

Purpose:

AAA prevents unauthorized users from logging in to a device and improves system security.

The local-user command creates a local user and sets parameters of the local user.
The undo local-user [/b]command deletes a local user.
By default, the local user admin exists in the system. The password of the user is admin@huawei.com, the irreversible encryption algorithm is used, the level is none, and service type is http.

You can refer to the link below:

The remote-aaa-user authen-fail command enables the remote AAA authentication account locking function, and sets the authentication retry interval, maximum number of consecutive authentication failures, and account locking period.
The undo remote-aaa-user authen-fail command disables the remote AAA authentication account locking function.
By default, the remote AAA account locking function is enabled, authentication retry interval is 30 minutes, maximum number of consecutive authentication failures is 30, and account locking period is 30 minutes.

You can refer to the link below:

The remote-user authen-fail unblock command unlocks remote AAA authentication accounts.

You can refer to the link below:

The local-aaa-user password policy access-user command enables the password policy for local access users and enters the local access user password policy view.
The undo local-aaa-user password policy access-user command disables the password policy of local access users.
By default, the password policy of local access users is disabled.


For AAA Commands, please see below:
  • x
  • convention:

Created Jun 1, 2018 07:48:03 Helpful(0) Helpful(0)

good ,very good
  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top