How to configure an authorization template for AAA authentication on an AR router


AAA authentication provides security functions such as authenticating, authorizing, and accounting users to prevent unauthorized users from logging in to the device and enhance system security of the device. For details about the AAA configuration procedure, choose Configuration Guide (via Command Line)> Security Configuration> AAA Configuration through the URL: Product documentation."

Other related questions:
How is an authentication scheme bound to an AAA domain on an AR
Before configuring an authentication scheme for a domain on an AR, create an authentication scheme and set parameters in the authentication scheme. The configuration is as follows: 1. Create an authentication scheme scheme1 in the AAA view. [Huawei] aaa [Huawei-aaa] authentication-scheme scheme1 [Huawei-aaa-authen-scheme1] quit 2. Create an AAA domain isp1 and bind the authentication scheme scheme1 to the AAA domain. [Huawei-aaa] domain isp1 [Huawei-aaa-domain-isp1] authentication-scheme scheme1 [Huawei-aaa-domain-isp1] quit

How is the authentication mode of VTY users set to AAA on an AR
When Telnet or SSH users log in to the AR through the VTY user interface, set the authentication mode to AAA. The configuration is as follows: [Huawei] user-interface vty 0 4 //Configure the VTY user interface. [Huawei-ui-vty0-4] authentication-mode password //Set the authentication mode to AAA.

Why does authentication fail when the RADIUS server template is correct and the AAA authentication mode is RADIUS
The possible causes are as follows: 1. The client's IP address is not configured on the server, the IP address is configured incorrectly, and the RADIUS server does not respond to authentication packets. 2. The shared keys on the AR and RADIUS server are different. 3. The user configuration of the RADIUS server is incorrect.

Can the authentication mode of an AR router administrator user be set only to No authentication on the AAA side
To improve device security, administrator users are required to be authenticated on the AAA side as well.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top