How is an authentication scheme bound to an AAA domain on an AR


Before configuring an authentication scheme for a domain on an AR, create an authentication scheme and set parameters in the authentication scheme. The configuration is as follows:
1. Create an authentication scheme scheme1 in the AAA view.
[Huawei] aaa
[Huawei-aaa] authentication-scheme scheme1
[Huawei-aaa-authen-scheme1] quit
2. Create an AAA domain isp1 and bind the authentication scheme scheme1 to the AAA domain.
[Huawei-aaa] domain isp1
[Huawei-aaa-domain-isp1] authentication-scheme scheme1
[Huawei-aaa-domain-isp1] quit

Configure AAA authentication schemes on S series switches
Configure an AAA authentication scheme on an S series switch (except the S1700 switch) as follows: [HUAWEI] aaa [HUAWEI-aaa] authentication-scheme scheme1 //Create an AAA authentication scheme. [HUAWEI-aaa-authen-scheme1] authentication-mode local //Set the authentication mode to local authentication.

How is the authentication mode of VTY users set to AAA on an AR
When Telnet or SSH users log in to the AR through the VTY user interface, set the authentication mode to AAA. The configuration is as follows: [Huawei] user-interface vty 0 4 //Configure the VTY user interface. [Huawei-ui-vty0-4] authentication-mode password //Set the authentication mode to AAA.

How to configure an authorization template for AAA authentication on an AR router
AAA authentication provides security functions such as authenticating, authorizing, and accounting users to prevent unauthorized users from logging in to the device and enhance system security of the device. For details about the AAA configuration procedure, choose Configuration Guide (via Command Line)> Security Configuration> AAA Configuration through the URL: Product documentation."

What is the default management and authentication domain of the AR router
By default, the global administrative domain (authentication domain of the administrator) on the AR router is default_admin. You can run the domain domain-name admin command in the system view to modify the global default administrative domain.

