AAA (Authentication, Authorization and Accounting) Huawei

In network security, AAA is the system named after the initials of authentication, authorization and accounting; it carefully inspects the information packets arriving from the network according to certain models and reports malicious activity.
Authentication: verifying the device or the user when a server, switch or router is used.
Authorization: granting a user or users permission to access the system, programs and the network.
Accounting: recording what each user does: user operations, user data connections and user system logs.


  1. Assigning device names and IP addresses.
    [Huawei]sysname Router1
    [Router1]interface GigabitEthernet 0/0/0
    [Router1-GigabitEthernet0/0/0]ip address 119.84.111.1 24
    [Huawei]sysname Router3
    [Router3]interface GigabitEthernet 0/0/0
    [Router3-GigabitEthernet0/0/0]ip address 119.84.111.3 24
    Let us check the connectivity between Router1 and Router3.
    ping 119.84.111.3
    PING 119.84.111.3: 56 data bytes, press CTRL_C to break
    Reply from 119.84.111.3: bytes=56 Sequence=1 ttl=255 time=140 ms
    Reply from 119.84.111.3: bytes=56 Sequence=2 ttl=255 time=60 ms
    Reply from 119.84.111.3: bytes=56 Sequence=3 ttl=255 time=60 ms
    Reply from 119.84.111.3: bytes=56 Sequence=4 ttl=255 time=60 ms
    Reply from 119.84.111.3: bytes=56 Sequence=5 ttl=255 time=60 ms
    --- 119.84.111.3 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 60/76/140 ms
  2. Configuring AAA on Router1.
    Let us complete the authentication-scheme and authorization-scheme configuration on Router1, and then apply the same settings on Router3.
    [Router1]aaa
    [Router1-aaa]authentication-scheme auth1
    Info: Create a new authentication scheme.
    [Router1-aaa-authen-auth1]authentication-mode local
    [Router1-aaa-authen-auth1]quit
    [Router1-aaa]authorization-scheme auth2
    Info: Create a new authorization scheme.
    [Router1-aaa-author-auth2]authorization-mode local
    [Router1-aaa-author-auth2]quit
    Let us configure the domain on Router1 as huawei, and then configure the users we create to match it.
    [Router1-aaa]domain huawei
    Info: Success to create a new domain.
    [Router1-aaa-domain-huawei]authentication-scheme auth1
    [Router1-aaa-domain-huawei]authorization-scheme auth2
    [Router1-aaa-domain-huawei]quit
    [Router1-aaa]local-user user1@huawei password cipher huawei
    Info: Add a new user.
    [Router1-aaa]local-user user1@huawei service-type telnet
    [Router1-aaa]local-user user1@huawei privilege level 0
    Let us enable the telnet server on Router1 with AAA authentication mode.
    [Router1]user-interface vty 0 4
    [Router1-ui-vty0-4]authentication-mode aaa
    Let us check whether the telnet service has been set up successfully on Router1.
    telnet 119.84.111.1
    Trying 119.84.111.1 ...
    Press CTRL+K to abort
    Connected to 119.84.111.1 ...
    Login authentication
    Username:user1@huawei
    Password:
    sys
    system-view
    ^
    Error: Unrecognized command found at '^' position.
    quit
    The login itself succeeds; the error that follows is the authorization decision at work: user1@huawei is authenticated, but at privilege level 0 the system-view command is not available to it, so the session cannot enter configuration mode.
  3. Configuring AAA on Router3.
    [Router3]aaa
    [Router3-aaa]authentication-scheme auth1
    Info: Create a new authentication scheme.
    [Router3-aaa-authen-auth1]authentication-mode local
    [Router3-aaa-authen-auth1]quit
    [Router3-aaa]authorization-scheme auth2
    Info: Create a new authorization scheme.
    [Router3-aaa-author-auth2]authorization-mode local
    [Router3-aaa-author-auth2]quit
    Let us configure the domain on Router3 as huawei, so that it matches the users we created earlier.
    [Router3-aaa]domain huawei
    [Router3-aaa-domain-huawei]authentication-scheme auth1
    [Router3-aaa-domain-huawei]authorization-scheme auth2
    [Router3-aaa-domain-huawei]quit
    [Router3-aaa]local-user user3@huawei password cipher huawei
    Info: Add a new user.
    [Router3-aaa]local-user user3@huawei service-type telnet
    [Router3-aaa]local-user user3@huawei privilege level 0
    Let us enable the telnet server on Router3 with AAA authentication mode.
    [Router3]user-interface vty 0 4
    [Router3-ui-vty0-4]authentication-mode aaa
    Let us check whether the telnet service has been set up successfully on Router3.
    telnet 119.84.111.3
    Trying 119.84.111.3 ...
    Press CTRL+K to abort
    Connected to 119.84.111.3 ...
    Login authentication
    Username:user3@huawei
    Password:
    system-view
    ^
    Error: Unrecognized command found at '^' position.
  4. Results of the AAA configuration.
    display domain name huawei
    Domain-name : huawei
    Domain-state : Active
    Authentication-scheme-name : auth1
    Accounting-scheme-name : default
    Authorization-scheme-name : auth2
    Service-scheme-name : -
    RADIUS-server-template : -
    HWTACACS-server-template : -
    User-group : -
    display local-user username user1@huawei
    The contents of local user(s):
    Password : **
    State : active
    Service-type-mask : T
    Privilege level : 0
    Ftp-directory : -
    Access-limit : -
    Accessed-num : 0
    Idle-timeout : -
    User-group : -
    display domain name huawei
    Domain-name : huawei
    Domain-state : Active
    Authentication-scheme-name : auth1
    Accounting-scheme-name : default
    Authorization-scheme-name : auth2
    Service-scheme-name : -
    RADIUS-server-template : -
    HWTACACS-server-template : -
    User-group : -
    display local-user username user3@huawei
    The contents of local user(s):
    Password : **
    State : active
    Service-type-mask : T
    Privilege level : 0
    Ftp-directory : -
    Access-limit : -
    Accessed-num : 0
    Idle-timeout : -
    User-group : -
    Result:
    display current-configuration
    #
    sysname Router1
    #
    aaa
    authentication-scheme default
    authentication-scheme auth1
    authorization-scheme default
    authorization-scheme auth2
    accounting-scheme default
    domain default
    domain default_admin
    domain huawei
    authentication-scheme auth1
    authorization-scheme auth2
    local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
    local-user admin service-type http
    local-user user1@huawei password cipher ,fM\8+wUb#3@9_G-B0Y2lf"#
    local-user user1@huawei privilege level 0
    local-user user1@huawei service-type telnet
    #
    interface GigabitEthernet0/0/0
    ip address 119.84.111.1 255.255.255.0
    #
    user-interface con 0
    user-interface vty 0 4
    authentication-mode aaa
    user-interface vty 16 20
    #
    return
    display current-configuration
    #
    sysname Router3
    #
    aaa
    authentication-scheme default
    authentication-scheme auth1
    authorization-scheme default
    authorization-scheme auth2
    accounting-scheme default
    domain default
    domain default_admin
    domain huawei
    authentication-scheme auth1
    authorization-scheme auth2
    local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
    local-user admin service-type http
    local-user user3@huawei password cipher gQ+ZJr.h/939O4.`(ZGxU:#
    local-user user3@huawei privilege level 0
    local-user user3@huawei service-type telnet
    #
    interface GigabitEthernet0/0/0
    ip address 119.84.111.3 255.255.255.0
    #
    user-interface con 0
    user-interface vty 0 4
    authentication-mode aaa
    user-interface vty 16 20
    #
    return
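As an added check that is not part of the original post, the script below parses a trimmed copy of the Router1 running configuration shown above and reports what a configuration reviewer would flag: a domain with no bound accounting scheme (the display output above shows accounting left at default), a local user without an explicit privilege level, Telnet's cleartext transport, and VTY ranges without authentication-mode aaa. It assumes VRP's one-space indentation of child lines; the <CIPHER> placeholders stand in for the device's own ciphertext.

```python
# Constructed sample: Router1 'display current-configuration' from this page, trimmed,
# with VRP's one-space child indentation and password ciphertexts replaced by <CIPHER>.
SAMPLE_CONFIG = """\
aaa
 authentication-scheme auth1
 authorization-scheme auth2
 domain huawei
  authentication-scheme auth1
  authorization-scheme auth2
 local-user user1@huawei password cipher <CIPHER>
 local-user user1@huawei privilege level 0
 local-user user1@huawei service-type telnet
 local-user admin password cipher <CIPHER>
 local-user admin service-type http
#
user-interface vty 0 4
 authentication-mode aaa
user-interface vty 16 20
"""

def parse_blocks(config):
    """Map every block header line to its direct child lines, using indentation depth."""
    blocks, stack = {}, []
    for raw in config.splitlines():
        depth = len(raw) - len(raw.lstrip(" "))
        line = raw.strip()
        stack = stack[:depth] + [line]          # '#' and other depth-0 lines reset the path
        if depth:
            blocks.setdefault(stack[depth - 1], []).append(line)
        blocks.setdefault(line, [])
    return blocks

def audit(config):
    """Return the findings a reviewer would raise; an empty list means every check passed."""
    blocks, findings = parse_blocks(config), []
    aaa = blocks.get("aaa", [])
    for dom in (ln for ln in aaa if ln.startswith("domain ")):
        bound = {child.split()[0] for child in blocks[dom]}     # scheme types bound to the domain
        for need in ("authentication-scheme", "authorization-scheme", "accounting-scheme"):
            if need not in bound:
                findings.append(f"{dom}: no {need} bound, default scheme applies")
    for user in dict.fromkeys(ln.split()[1] for ln in aaa if ln.startswith("local-user ")):
        attrs = [ln for ln in aaa if ln.startswith(f"local-user {user} ")]
        if not any(" privilege level " in ln for ln in attrs):
            findings.append(f"local-user {user}: no explicit privilege level")
        if any(ln.endswith(" service-type telnet") for ln in attrs):
            findings.append(f"local-user {user}: telnet is cleartext, prefer ssh")
    for ui in (hdr for hdr in blocks if hdr.startswith("user-interface vty")):
        if "authentication-mode aaa" not in blocks[ui]:
            findings.append(f"{ui}: authentication-mode aaa not set")
    return findings
```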

About cemerbas
