Hwtacacs Configuration On Huawei Device PDF

Uploaded by

This document discusses configuring HWTACACS AAA on Huawei devices. It describes: 1. Configuring an HWTACACS server template with authentication, authorization, and accounting servers. 2. Configuring authentication, authorization, and accounting schemes and applying the schemes and server template to the default domain. 3. Configuring secondary HWTACACS servers for redundancy. It notes there are local authentication and authorization backups if HWTACACS fails, but no accounting backup. 4. Explaining that without an "accounting start-fail online" command, accounting failures could disconnect local users, and recommends including that command for a fully redundant AAA configuration.

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Hwtacacs Configuration On Huawei Device PDF

Uploaded by

Hussein Dhafan

0% found this document useful (0 votes)

170 views2 pages

Original Title

hwtacacs-configuration-on-huawei-device.pdf

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Download as pdf or txt

0% found this document useful (0 votes)

170 views2 pages

Hwtacacs Configuration On Huawei Device PDF

Uploaded by

Hussein Dhafan

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Download as pdf or txt

Jump to Page

You are on page 1of 2

Search inside document

HWTACACS configuration on Huawei device

Lets look at a typical configuration of HWTACACS server on Huawei device:

#
hwtacacs-server template labnario
hwtacacs-server authentication 172.16.10.1
hwtacacs-server authorization 172.16.10.1
hwtacacs-server accounting 172.16.10.1
hwtacacs-server source-ip 172.16.10.10
hwtacacs-server shared-key cipher %$%$;XioR#N`7=~][vLDTr2S(2.#%$%$
undo hwtacacs-server user-name domain-included
#
aaa
authentication-scheme hwtacacs
authentication-mode hwtacacs local
authorization-scheme hwtacacs
authorization-mode hwtacacs local
accounting-scheme hwtacacs
accounting-mode hwtacacs
domain default_admin
authentication-scheme hwtacacs
accounting-scheme hwtacacs
authorization-scheme hwtacacs
hwtacacs-server labnario
local-user labnario password cipher %$%$'3N&Y#>c>Ibb;f:!o4mW(7#h%$%$
local-user labnario privilege level 15
local-user labnario service-type telnet terminal ssh ftp
#
user-interface vty 0 4
authentication-mode aaa

What do we have to do to configure HWTACACS AAA?

Configure an HWTACACS server template.

Configure authentication, authorization, and accounting schemes.
Apply the HWTACACS server template, authentication scheme, authorization scheme,
and accounting scheme to the domain.

To ensure redundancy we can configure secondary HWTACAC server:

#
hwtacacs-server template labnario
hwtacacs-server authentication 172.16.11.1 secondary
hwtacacs-server authorization 172.16.11.1 secondary
hwtacacs-server accounting 172.16.11.1 secondary

In such case, if primary server is not available, secondary server is used.

Lets look at AAA schemes. As you can see the there are backups for authentication and
authorization. If HWTACAC authentication fails, local authentication is used. We have the
same situation for HWTACAC authorization.

But what happens if accounting fails?

There is not possible to configure backup for accounting. We have 3 options: HWTACAC,
local or RADIUS. But only one of them can be selected.
Lets assume that you use accounting like in the configuration above. After an accounting
scheme is applied, if a user goes online, the device sends an accounting-start packet to an
accounting server. When the network is working properly, the accounting server responds to
the accounting-start packet. If a fault occurs in the network, the device may not receive the
response packet from the accounting server. As a result, accounting fails. Finally, when you
are trying to log in as local user labnario, you are immediately disconnected with information:

The connection was closed by the remote host.

Of course there is a way out of this situation by using accounting start-fail online
command.

The final backup configuration of AAA should look like:

#
aaa
authentication-scheme hwtacacs
authentication-mode hwtacacs local
authorization-scheme hwtacacs
authorization-mode hwtacacs local
accounting-scheme hwtacacs
accounting-mode hwtacacs
accounting start-fail online

PLSQL Project Semester 2 Teacher
Document13 pages
PLSQL Project Semester 2 Teacher
Ana Borobio
No ratings yet
Tutorialspoint Python
Document444 pages
Tutorialspoint Python
Dudy
100% (2)
Oracle Siebel Application Testing
Document27 pages
Oracle Siebel Application Testing
austinfru
No ratings yet
Tacacs Huawei
Document1 page
Tacacs Huawei
roccaeder
No ratings yet
AAA Configuration Examples
Document16 pages
AAA Configuration Examples
Matthew Ndeto
No ratings yet
HAProxy
Document10 pages
HAProxy
Binh Vu
No ratings yet
Basic AAA Configuration On IOS
Document15 pages
Basic AAA Configuration On IOS
Faheem Kabir
No ratings yet
CCNA Security Module 3 100%
Document6 pages
CCNA Security Module 3 100%
Akbal Larios
No ratings yet
Ccna Security Ch7 Implementing Aaa Using Ios ACS Server
Document28 pages
Ccna Security Ch7 Implementing Aaa Using Ios ACS Server
florinn81
No ratings yet
Camara de Comercio Sede Ica - Final Peter
Document20 pages
Camara de Comercio Sede Ica - Final Peter
Anonymous oz3YPvW9HN
No ratings yet
Red_Team_Operations_1733709230
Document17 pages
Red_Team_Operations_1733709230
Dan Maluma
No ratings yet
MBSS - HP Router
Document48 pages
MBSS - HP Router
Rohit Mishra
No ratings yet
Cisco CCNA Security Chapter 3 Exam
Document6 pages
Cisco CCNA Security Chapter 3 Exam
Paulina Echeverría
No ratings yet
Session 3-1 - Authorization Authentication and Accounting Lesson
Document13 pages
Session 3-1 - Authorization Authentication and Accounting Lesson
munyakatim
No ratings yet
3.6.1.2 Packet Tracer - Configure AAA Authentication On Cisco Routers Answers
Document11 pages
3.6.1.2 Packet Tracer - Configure AAA Authentication On Cisco Routers Answers
Sultan
100% (3)
Chapter 3: AAA
Document82 pages
Chapter 3: AAA
Ryanb378
No ratings yet
Servicios Compartidos - Visa
Document18 pages
Servicios Compartidos - Visa
Anonymous oz3YPvW9HN
No ratings yet
Configuring RADIUS: Layer 3 Solutions
Document36 pages
Configuring RADIUS: Layer 3 Solutions
Brian French
No ratings yet
Assessment System: Take Assessment - CCNAS Chapter 3 - CCNA Security: Implementing Network Security (Version 1.0)
Document5 pages
Assessment System: Take Assessment - CCNAS Chapter 3 - CCNA Security: Implementing Network Security (Version 1.0)
bcnrana
No ratings yet
Extreme Management Center®: Cisco Switch Integration Guide
Document26 pages
Extreme Management Center®: Cisco Switch Integration Guide
praful_kohale6642
No ratings yet
213922-Configure-Mac-Authentication-Ssid-On-Cis C9800
Document15 pages
213922-Configure-Mac-Authentication-Ssid-On-Cis C9800
Javier
No ratings yet
Evaluation Checklist For VM Appliance: Servergraph 7.5
Document12 pages
Evaluation Checklist For VM Appliance: Servergraph 7.5
ClaudioQuinterosCarreño
No ratings yet
Radius Server
Document6 pages
Radius Server
cooleng115
No ratings yet
Tutorial Alibaba Cacti
Document13 pages
Tutorial Alibaba Cacti
my oedah
No ratings yet
Cisco AAA 10384 Security
Document13 pages
Cisco AAA 10384 Security
gadget kusaja
No ratings yet
Group E Presentation
Document12 pages
Group E Presentation
elimannjie511
No ratings yet
Administrator Authentication and RBAC
Document37 pages
Administrator Authentication and RBAC
amita1392
No ratings yet
Asset Manager Web Deployment Steps
Document13 pages
Asset Manager Web Deployment Steps
PAWAN_24KARAT
No ratings yet
CCNA Security v20 Chapter 3 Exam Answers
Document5 pages
CCNA Security v20 Chapter 3 Exam Answers
Jonathan
No ratings yet
Squid Proxy Configuration
Document9 pages
Squid Proxy Configuration
satenderrose
No ratings yet
Install Account DNS Check WHM Plugin
Document4 pages
Install Account DNS Check WHM Plugin
linggih
No ratings yet
CCNASv2 - InstructorPPT - CH3 AAA Updated
Document42 pages
CCNASv2 - InstructorPPT - CH3 AAA Updated
Josh 14
No ratings yet
Squid
Document89 pages
Squid
yerima1
No ratings yet
Bridging - Switching, Routing, and Wireless Essentials - Access Control
Document7 pages
Bridging - Switching, Routing, and Wireless Essentials - Access Control
TENDAI ASHNEKI SHONHIWA
No ratings yet
Tacacs+ Server Project Reo/prt
Document18 pages
Tacacs+ Server Project Reo/prt
Atul Singh
No ratings yet
04 - Tacacs, AAA, SSH Config
Document2 pages
04 - Tacacs, AAA, SSH Config
Seyram
No ratings yet
B Consolidated 152ex 2960-X CG Chapter 0101110
Document26 pages
B Consolidated 152ex 2960-X CG Chapter 0101110
Hoàng Minh
No ratings yet
Web Dispatcher
Document23 pages
Web Dispatcher
Ramakrishna Reddy
100% (1)
Cisco 5508 WLC Configuration LAB
Document17 pages
Cisco 5508 WLC Configuration LAB
Agung Purbayana
100% (1)
Microsoft 70-411 v2015-09-30 by Sacriestory - Aikonfx PDF
Document661 pages
Microsoft 70-411 v2015-09-30 by Sacriestory - Aikonfx PDF
zC6MuNiW
No ratings yet
Examen 3 CCNA Sec 1.1
Document3 pages
Examen 3 CCNA Sec 1.1
AdDan Hdz
No ratings yet
CCNA Security Chapter 3 Exam: Console, Vty, or Tty Ports
Document5 pages
CCNA Security Chapter 3 Exam: Console, Vty, or Tty Ports
Zhen Shen
No ratings yet
Untitled
Document78 pages
Untitled
adrianmaner
No ratings yet
Authentication Proxy Authentication Outbound No Cisco IOS Firewall or NAT Configuration
Document7 pages
Authentication Proxy Authentication Outbound No Cisco IOS Firewall or NAT Configuration
Andika Pajri
No ratings yet
NAD Config
Document18 pages
NAD Config
sediqullahhakimi1
No ratings yet
Name: Dhruv Darji ID No.: XIEIT181962 Subject: Advance Security Lab Roll No.: 07
Document8 pages
Name: Dhruv Darji ID No.: XIEIT181962 Subject: Advance Security Lab Roll No.: 07
Bhavin Jain
No ratings yet
Understand Web Authentication On Wireless LAN Controllers (WLC) - Cisco
Document15 pages
Understand Web Authentication On Wireless LAN Controllers (WLC) - Cisco
Ciscostuff
No ratings yet
Comware and ClearPass Integration
Document32 pages
Comware and ClearPass Integration
Denis Carpentier
No ratings yet
WebLogic As A Windows Service
Document4 pages
WebLogic As A Windows Service
mraza30
No ratings yet
Oracle AVDF Unified Audit
Document17 pages
Oracle AVDF Unified Audit
Fat Soldiers
No ratings yet
Error DB
Document4 pages
Error DB
Hayathullah Ahmed
No ratings yet
Authentication, Authorization, and Accounting (AAA)
Document20 pages
Authentication, Authorization, and Accounting (AAA)
Hafizh Maulidan
No ratings yet
IntegrationServer Readme 9-12 PDF
Document174 pages
IntegrationServer Readme 9-12 PDF
varma_43
No ratings yet
Bypass ClientSide Control Presentation
Document28 pages
Bypass ClientSide Control Presentation
Joona John
No ratings yet
Performance Testing Interview Q&A PDF
Document68 pages
Performance Testing Interview Q&A PDF
kumard205
100% (1)
SAP Signavio Business Process Model Connector Troubleshooting Guide - Technical
Document7 pages
SAP Signavio Business Process Model Connector Troubleshooting Guide - Technical
pravalikakaran
No ratings yet
MDC 9694
Document55 pages
MDC 9694
Mrinal Tripathy
No ratings yet
Taller Squid
Document6 pages
Taller Squid
Henry Angel
No ratings yet
VPS Server Setup
From Everand
VPS Server Setup
L Mohan Arun
Rating: 5 out of 5 stars
5/5 (1)
Configuration and Evaluation of Some Microsoft and Linux Proxy Servers, Security, Intrusion Detection, AntiVirus and AntiSpam Tools
From Everand
Configuration and Evaluation of Some Microsoft and Linux Proxy Servers, Security, Intrusion Detection, AntiVirus and AntiSpam Tools
Dr. Hidaia Mahmood Alassouli
No ratings yet
Learning VMware vRealize Automation
From Everand
Learning VMware vRealize Automation
Rajendran Sriram
No ratings yet
ETHICAL HACKING GUIDE-Part 3: Comprehensive Guide to Ethical Hacking world
From Everand
ETHICAL HACKING GUIDE-Part 3: Comprehensive Guide to Ethical Hacking world
POONAM DEVI
No ratings yet
Vps Toolkit
From Everand
Vps Toolkit
Davide Gatti
No ratings yet
Port Security On Huawei Switches PDF
Document2 pages
Port Security On Huawei Switches PDF
Hussein Dhafan
No ratings yet
STP Attack and Root Protection Feature On Huawei Switches PDF
Document4 pages
STP Attack and Root Protection Feature On Huawei Switches PDF
Hussein Dhafan
No ratings yet
Huawei ACL and Traffic Policy Configuration
Document5 pages
Huawei ACL and Traffic Policy Configuration
Hussein Dhafan
No ratings yet
VRRP On Huawei Router PDF
Document7 pages
VRRP On Huawei Router PDF
Hussein Dhafan
No ratings yet
Mpls l3vpn On Huawei Routers PDF
Document9 pages
Mpls l3vpn On Huawei Routers PDF
Ali Azan
No ratings yet
Ospf Stub Area On Huawei PDF
Document4 pages
Ospf Stub Area On Huawei PDF
Hussein Dhafan
No ratings yet
Ipsec On Huawei Ar Router PDF
Document5 pages
Ipsec On Huawei Ar Router PDF
Hussein Dhafan
No ratings yet
Isis On Huawei Routers PDF
Document7 pages
Isis On Huawei Routers PDF
Hussein Dhafan
No ratings yet
Multiple Spanning Tree Protocol On Huawei Switch PDF
Document8 pages
Multiple Spanning Tree Protocol On Huawei Switch PDF
Hussein Dhafan
No ratings yet
Huawei Ar1200 Nat Configuration PDF
Document4 pages
Huawei Ar1200 Nat Configuration PDF
Hussein Dhafan
100% (1)
GRE On Huawei Routers
Document5 pages
GRE On Huawei Routers
Hussein Dhafan
No ratings yet
Huawei Cli Output Modifiers PDF
Document4 pages
Huawei Cli Output Modifiers PDF
Hussein Dhafan
No ratings yet
Huawei Cli Introduction PDF
Document3 pages
Huawei Cli Introduction PDF
Hussein Dhafan
No ratings yet
From Huawei Command Line Check
Document2 pages
From Huawei Command Line Check
Hussein Dhafan
No ratings yet
Huawei Ar19 29 49 Router DHCP Configuration PDF
Document2 pages
Huawei Ar19 29 49 Router DHCP Configuration PDF
Hussein Dhafan
No ratings yet
How To Find TC Packets Source On Huawei Switch PDF
Document2 pages
How To Find TC Packets Source On Huawei Switch PDF
Hussein Dhafan
No ratings yet
How To Display Power of Optical Module PDF
Document3 pages
How To Display Power of Optical Module PDF
Hussein Dhafan
No ratings yet
How To Configure Trunk Between Huawei Router and Switch PDF
Document2 pages
How To Configure Trunk Between Huawei Router and Switch PDF
Hussein Dhafan
100% (1)
Info Tech Ia Unit 2 Sample
Document15 pages
Info Tech Ia Unit 2 Sample
Shante Morgan
100% (1)
Alert Notification Document: EAI Replacement
Document9 pages
Alert Notification Document: EAI Replacement
HaribabuDatti
No ratings yet
ERP Individual Assignment
Document15 pages
ERP Individual Assignment
Farrah Mahmood
No ratings yet
DBMS
Document1 page
DBMS
compu_x
No ratings yet
Node B Test Moshell
Document13 pages
Node B Test Moshell
Saif Abdullah
No ratings yet
Improve Database Performance With Intel Xeon Platinum 8180 and 8160 Processors
Document6 pages
Improve Database Performance With Intel Xeon Platinum 8180 and 8160 Processors
Principled Technologies
No ratings yet
White Paper Data Masking 101 Final2022
Document14 pages
White Paper Data Masking 101 Final2022
Ismail Cassiem
No ratings yet
TFS Main Concepts
Document7 pages
TFS Main Concepts
patriciachf
No ratings yet
Autonomous Transaction Processing
Document179 pages
Autonomous Transaction Processing
SarojiniBalakrishnan
No ratings yet
Abap Syllabus
Document5 pages
Abap Syllabus
Prasad Muthukrish
No ratings yet
Curriculum Vitae: Suraj Prakash Saini
Document2 pages
Curriculum Vitae: Suraj Prakash Saini
RK VASHISTHA
No ratings yet
SQL Statements PANTHEON Database Management 18-19-10 2018
Document3 pages
SQL Statements PANTHEON Database Management 18-19-10 2018
Aleksandar Blašković
No ratings yet
Lightning Process Builder: Advantages and Usage
Document28 pages
Lightning Process Builder: Advantages and Usage
erp.technical16591
No ratings yet
Postgresql Create Table
Document4 pages
Postgresql Create Table
Anil Yadav
No ratings yet
Kahikina o Ka La Presentation
Document22 pages
Kahikina o Ka La Presentation
api-235383355
No ratings yet
Oracle FCCS Data Load Using Data Management
Document15 pages
Oracle FCCS Data Load Using Data Management
Amit Sharma
100% (1)
SDS Online Shopping Application Project
Document10 pages
SDS Online Shopping Application Project
Mungai Kagechu
No ratings yet
Databricks Certified Data Engineer Associate 4
Document13 pages
Databricks Certified Data Engineer Associate 4
Vipul Gupta
No ratings yet
Razaq Resume
Document1 page
Razaq Resume
razaq Siddiqui 114
No ratings yet
FSG Assigning Access To Row Set & Column Sets
Document3 pages
FSG Assigning Access To Row Set & Column Sets
ahsanseeb
No ratings yet
Readme
Document3 pages
Readme
Ashok Thiyagarajan
No ratings yet
On-Page Seo Report
Document21 pages
On-Page Seo Report
api-511943188
No ratings yet
Deployment Options
Document31 pages
Deployment Options
sampath2505
No ratings yet
Templates For Responding To A Customer Complaint v1.1
Document3 pages
Templates For Responding To A Customer Complaint v1.1
SOWJANYA y
No ratings yet
Easyclient Basics
Document36 pages
Easyclient Basics
Trần Nhật Vương
No ratings yet
BW & Bi Security
Document10 pages
BW & Bi Security
Aruna Sukeerthi
100% (1)
05 Table Space
Document32 pages
05 Table Space
pravin2projects
No ratings yet