Huawei OLT HWTACACS Authentication (User Management) - GPON Solution
March 25, 2023

This post shows how to configure HWTACACS authentication (user management) on a Huawei OLT.

Prerequisites:

  • The route from the MA5600T/MA5603T/MA5608T to the HWTACACS server must be configured.
  • The management user information (user name@domain and password) must be configured on the HWTACACS server.

Service Requirements:

  • The HWTACACS server performs authentication for management users of domain isp1.
  • The user logs in to the server carrying the domain name.
  • The HWTACACS server with the IP address 10.10.10.10 functions as the primary server for authentication.
  • The HWTACACS server with the IP address 10.10.10.11 functions as the secondary server for authentication.
  • Other parameters adopt the default settings.

Topology Diagram HWTACACS authentication:

[Figure: AAA Config Huawei OLT by HWTACACS]

Procedure:

Step 1: Configure the authentication scheme.

  • Configure an authentication scheme named login-auth (users are authenticated through HWTACACS).

Huawei-OLT(config)#aaa
Huawei-OLT(config-aaa)#authentication-scheme login-auth
Huawei-OLT(config-aaa-authen-login-auth)#authentication-mode hwtacacs
Huawei-OLT(config-aaa-authen-login-auth)#quit

Step 2: Configure the HWTACACS protocol.

  • Create an HWTACACS server template named ma56t-login with HWTACACS server 10.10.10.10 as the primary authentication server and HWTACACS server 10.10.10.11 as the secondary authentication server.

Huawei-OLT(config)#hwtacacs-server template ma56t-login
Create a new HWTACACS-server template

Huawei-OLT(config-hwtacacs-ma56t-login)#hwtacacs-server authentication 10.10.10.10 1812
Huawei-OLT(config-hwtacacs-ma56t-login)#hwtacacs-server authentication 10.10.10.11 1812 secondary
Huawei-OLT(config-hwtacacs-ma56t-login)#quit

Step 3: Create a domain named isp1.

NOTE:

  • A domain is a group of users of the same type.
  • In the user name format userid@domain-name (for example, Shahed@huawei.net), “userid” indicates the user name for authentication and “domain-name”, which follows “@”, indicates the domain name.
  • The domain name for user login cannot exceed 15 characters, and the other domain names cannot exceed 20 characters.

Huawei-OLT(config)#aaa
Huawei-OLT(config-aaa)#domain isp1
Info: Create a new domain

Step 4: Use the authentication scheme login-auth.

You can use an authentication scheme in a domain only after the authentication scheme is created.

Huawei-OLT(config-aaa-domain-isp1)#authentication-scheme login-auth

Step 5: Bind the HWTACACS server template ma56t-login to the user.

You can use an HWTACACS server template in a domain only after the HWTACACS server template is created.

Huawei-OLT(config-aaa-domain-isp1)#hwtacacs-server ma56t-login

Complete configuration for Huawei OLT HWTACACS authentication:

Huawei-OLT(config)#aaa
Huawei-OLT(config-aaa)#authentication-scheme login-auth
Huawei-OLT(config-aaa-authen-login-auth)#authentication-mode hwtacacs
Huawei-OLT(config-aaa-authen-login-auth)#quit
Huawei-OLT(config-aaa)#quit
Huawei-OLT(config)#hwtacacs-server template ma56t-login
Huawei-OLT(config-hwtacacs-ma56t-login)#hwtacacs-server authentication 10.10.10.10 1812
Huawei-OLT(config-hwtacacs-ma56t-login)#hwtacacs-server authentication 10.10.10.11 1812 secondary
Huawei-OLT(config-hwtacacs-ma56t-login)#quit
Huawei-OLT(config)#aaa
Huawei-OLT(config-aaa)#domain isp1
Huawei-OLT(config-aaa-domain-isp1)#authentication-scheme login-auth
Huawei-OLT(config-aaa-domain-isp1)#hwtacacs-server ma56t-login
Huawei-OLT(config-aaa-domain-isp1)#quit
Huawei-OLT(config-aaa)#quit
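
The ordering rules in Steps 4 and 5 (a scheme or server template must exist before a domain can use it) can be checked offline against a saved CLI transcript. The script below is an added example, not part of the original post or any Huawei tooling: the `audit` function and the `isp2`/`missing-tpl` lines are constructed for illustration. It also reports any server port other than TCP 49, the TACACS+ well-known port, so the 1812 configured above is listed for confirmation against the port the server actually listens on.

```python
import re

# Constructed transcript: this page's commands plus a failing domain "isp2".
TRANSCRIPT = """\
Huawei-OLT(config)#aaa
Huawei-OLT(config-aaa)#authentication-scheme login-auth
Huawei-OLT(config-aaa-authen-login-auth)#authentication-mode hwtacacs
Huawei-OLT(config)#hwtacacs-server template ma56t-login
Huawei-OLT(config-hwtacacs-ma56t-login)#hwtacacs-server authentication 10.10.10.10 1812
Huawei-OLT(config-hwtacacs-ma56t-login)#hwtacacs-server authentication 10.10.10.11 1812 secondary
Huawei-OLT(config-aaa)#domain isp1
Huawei-OLT(config-aaa-domain-isp1)#authentication-scheme login-auth
Huawei-OLT(config-aaa-domain-isp1)#hwtacacs-server ma56t-login
Huawei-OLT(config-aaa)#domain isp2
Huawei-OLT(config-aaa-domain-isp2)#hwtacacs-server missing-tpl
"""
PROMPT = re.compile(r"^\S+?\(([^)]*)\)#\s*(.+)$")  # host(view)#command

def audit(transcript):
    """Replay prompt/command lines in order and return a list of findings."""
    schemes, templates, findings = {}, {}, []
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # device output, e.g. "Info: Create a new domain"
        view, words = m.group(1), m.group(2).split()
        if view == "config-aaa" and words[0] == "authentication-scheme":
            schemes[words[1]] = None  # mode is set inside the scheme view
        elif view.startswith("config-aaa-authen-") and words[0] == "authentication-mode":
            schemes[view[len("config-aaa-authen-"):]] = words[1]
        elif view == "config" and words[:2] == ["hwtacacs-server", "template"]:
            templates[words[2]] = {}
        elif view.startswith("config-hwtacacs-") and words[:2] == ["hwtacacs-server", "authentication"]:
            role = "secondary" if words[-1] == "secondary" else "primary"
            templates.setdefault(view[len("config-hwtacacs-"):], {})[role] = words[2]
            port = words[3] if len(words) > 3 and words[3].isdigit() else "49"  # omitted: nothing to flag
            if port != "49":  # TACACS+ well-known port is TCP 49 (RFC 8907)
                findings.append(f"{words[2]}: port {port} is not TACACS+ default 49, confirm on server")
        elif view.startswith("config-aaa-domain-"):
            dom = view[len("config-aaa-domain-"):]
            if words[0] == "authentication-scheme" and schemes.get(words[1]) != "hwtacacs":
                findings.append(f"{dom}: scheme {words[1]} missing or not hwtacacs")
            elif words[0] == "hwtacacs-server":
                tpl = templates.get(words[1])
                if tpl is None:
                    findings.append(f"{dom}: template {words[1]} not created before binding")
                elif not {"primary", "secondary"} <= set(tpl):
                    findings.append(f"{dom}: template {words[1]} lacks a primary/secondary pair")
    return findings
```

Calling `audit(TRANSCRIPT)` returns one finding per server for the port and one for the `isp2` binding; the `isp1` domain from this page passes the ordering checks.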

The configuration looks like the following on the OLT:

[Figure: Huawei OLT HWTACACS Authentication]

Shahed

Hi! I am Shahed. Currently working as a Network Engineer. I want to build up my career in the networking field.
