How is the authentication mode of VTY users set to AAA on an AR

16

When Telnet or SSH users log in to the AR through the VTY user interface, set the authentication mode to AAA. The configuration is as follows:
[Huawei] user-interface vty 0 4 //Configure the VTY user interface.
[Huawei-ui-vty0-4] authentication-mode password //Set the authentication mode to AAA.

Other related questions:
Can the authentication mode of an AR router administrator user be set only to No authentication on the AAA side
To improve device security, administrator users are required to be authenticated on the AAA side as well.

How to set the authentication as password on the AR
When Telnet or SSH users log in to the AR through the VTY user interface, set the authentication mode to AAA. The configuration method is as follows: [Huawei] user-interface vty 0 4 //Configure the VTY user interface. [Huawei-ui-vty0-4] authentication-mode password //Set the authentication mode to password.

How to configure a user level on an AR router
Methods of configuring user levels vary with specific scenarios (command lines):
- Configure a user level for a user.
[Huawei] aaa
[Huawei-aaa] local-user user1 privilege level 15  //Set the user level of user 1 to 15.  
-  Configure a user level for all users under a domain.
[Huawei] aaa
[Huawei-aaa] service-scheme sch1
[Huawei-aaa-service-sch1] admin-user privilege level 15  //Set the user level of all users under a domain to 15.  
-  Configure a user level for all users who log in through a page (take the VTY view as an example).
[Huawei] user-interface maximum-vty 15
[Huawei] user-interface vty 0 14
[Huawei-ui-vty0-14] user privilege level 15  //Set the user level in the VTY 0 to VTY 14 views to 15.
The preceding command is used to modify a user level as well. This command overwrites preceding operation results. Therefore, if this command is run multiple times, the last-time operation prevails.
If the user level configured on a page conflicts with the corresponding operation permission of a user, the operation permission prevails.

Configure a user level in web mode.
1.  Choose User Management > User Management.
2.  Click an icon of a desired local user from the user list.
3.  Enter corresponding content.
  a.  The super administrator enters Access level in order to modify the access level of other users.
  b.  To change Access level from the common user to the administrator (common administrator, enterprise administrator, or super administrator), enter New password and confirm Confirm password.

How is an AAA local user configured on an AR
When local authentication and authorization are configured, configure authentication and authorization information on the AR, including the user name, password, and priority. The configuration is as follows: 1. Run the aaa command to enter the AAA view. 2. Run the local-user user-name password { cipher | irreversible-cipher } password command create a local account and configure the login password. 3. Run the local-user user-name service-type command to configure the access type for local users. Run the local-user user-name privilege level level command to set the local user level.

How is an authentication scheme bound to an AAA domain on an AR
Before configuring an authentication scheme for a domain on an AR, create an authentication scheme and set parameters in the authentication scheme. The configuration is as follows: 1. Create an authentication scheme scheme1 in the AAA view. [Huawei] aaa [Huawei-aaa] authentication-scheme scheme1 [Huawei-aaa-authen-scheme1] quit 2. Create an AAA domain isp1 and bind the authentication scheme scheme1 to the AAA domain. [Huawei-aaa] domain isp1 [Huawei-aaa-domain-isp1] authentication-scheme scheme1 [Huawei-aaa-domain-isp1] quit

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top