Can the authentication mode of an AR router administrator user be set only to No authentication on the AAA side

26

To improve device security, administrator users are required to be authenticated on the AAA side as well.

Other related questions:
How is the authentication mode of VTY users set to AAA on an AR
When Telnet or SSH users log in to the AR through the VTY user interface, set the authentication mode to AAA. The configuration is as follows: [Huawei] user-interface vty 0 4 //Configure the VTY user interface. [Huawei-ui-vty0-4] authentication-mode password //Set the authentication mode to AAA.

Why must the administrator pass AAA authentication
To ensure device security, the administrator must be authenticated by AAA authentication in local or remote authentication mode. The administrator, however, can log in to the device in non-authentication mode in the VTY interface view.

The administrator cannot pass authentication if the administrator's authentication mode is changed to RADIUS authentication on an S series switch
The administrator cannot pass authentication if the administrator's authentication mode is changed to RADIUS authentication. For S series switches (except the S1700), such an authentication failure occurs because the entered user name does not contain a domain name. You need to check whether the user name on the authentication server contains a domain name. - If the user name on the authentication server contains a domain name, run the radius-server user-name domain-included command in the RADIUS server template view or run the hwtacacs-server user-name domain-included command in the HWTACACS server template view. - If the user name on the authentication server does not contain a domain name, run the undo radius-server user-name domain-included command in the RADIUS server template view or run the undo hwtacacs-server user-name domain-included command in the HWTACACS server template view.

How to configure an authorization template for AAA authentication on an AR router
AAA authentication provides security functions such as authenticating, authorizing, and accounting users to prevent unauthorized users from logging in to the device and enhance system security of the device. For details about the AAA configuration procedure, choose Configuration Guide (via Command Line)> Security Configuration> AAA Configuration through the URL: Product documentation."

How to set the authentication as password on the AR
When Telnet or SSH users log in to the AR through the VTY user interface, set the authentication mode to AAA. The configuration method is as follows: [Huawei] user-interface vty 0 4 //Configure the VTY user interface. [Huawei-ui-vty0-4] authentication-mode password //Set the authentication mode to password.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top