Huawei SmartAX MA5603T Configuration Manual page 271
Access module
Hide thumbs
Also See for SmartAX MA5603T:
- Hardware description (977 pages) ,
- Hardware description (65 pages)
Table of Contents
Advertisement
SmartAX MA5600T/MA5603T/MA5608T Multi-service
Access Module
Commissioning and Configuration Guide
Create HWTACACS server template named hwtest with the HWTACACS server 10.10.66.66
as the primary authentication, authorization and accounting server, and the HWTACACS server
10.10.66.67 as the secondary authentication, authorization and accounting server.
huawei(config)#hwtacacs-server template hwtest
Create a new HWTACACS-server template
huawei(config-hwtacacs-radtest)#hwtacacs-server authentication 10.10.66.66
huawei(config-hwtacacs-radtest)#hwtacacs-server authentication 10.10.66.67
secondary
huawei(config-hwtacacs-hwtest)#hwtacacs-server authorization 10.10.66.66
huawei(config-hwtacacs-hwtest)#hwtacacs-server authorization 10.10.66.67 secondary
huawei(config-hwtacacs-radtest)#hwtacacs-server accounting 10.10.66.66
huawei(config-hwtacacs-radtest)#hwtacacs-server accounting 10.10.66.67 secondary
huawei(config-hwtacacs-radtest)#quit
Step 5 Configure the 802.1X authentication.
1.
2.
Step 6 Create a domain.
Create a domain named isp1.
huawei(config)
#aaa
huawei(config-aaa)#domain isp1
Info: Create a new domain
Step 7 Use the authentication scheme.
You can use an authentication scheme in a domain only after the authentication scheme is
created.
huawei(config-aaa-domain-isp1)#authentication-scheme newscheme
Step 8 Use the authorization scheme.
You can use an authorization scheme in a domain only after the authorization scheme is created.
huawei(config-aaa-domain-isp1)#authorization-scheme newscheme
Step 9 Use the accounting scheme.
You can use an accounting scheme in a domain only after the accounting scheme is created.
huawei(config-aaa-domain-isp1)#accounting-scheme newscheme
Issue 01 (2014-04-30)
Enable the 802.1X global switch. Enable the 802.1X authentication for ports 1, 2, and 3.
The 802.1X needs to be triggered by DHCP. Therefore, the DHCP-trigger authentication
must be enabled.
huawei(config)#dot1x enable
huawei(config)#dot1x service-port 1
huawei(config)#dot1x service-port 2
huawei(config)#dot1x service-port 3
huawei(config)#dot1x dhcp-trigger enable
Configure an 802.1X parameters. In the local termination authentication, the 802.1X
parameters should be configured to be in the EAP termination mode. The count of allowed
handshake failure is 1 and the handshake interval is 20s.
huawei(config)#dot1x keepalive retransmit 1 interval 20 service-port 1
huawei(config)#dot1x keepalive retransmit 1 interval 20 service-port 2
huawei(config)#dot1x keepalive retransmit 1 interval 20 service-port 3
huawei(config)#dot1x eap-end service-port 1
huawei(config)#dot1x eap-end service-port 2
huawei(config)#dot1x eap-end service-port 3
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 Basic Configurations
246
- Quick Links:
- Commissioning Introduction
Hide quick links:
Advertisement
Table of Contents
