To do...
Apply the
specified
AAA scheme
to the domain
Return to
system view
Create a local user and
enter local user view
Set the authentication
password for the local user
Specify the command level
of the local user
Specify the service type for
the local user
Configure common settings
for modem login
After you enable command authorization or command accounting, you need to perform the following
configuration to make the function take effect:
Create a HWTACACS scheme, and specify the IP address of the authorization server and other
•
authorization parameters.
Reference the created HWTACACS scheme in the ISP domain.
•
For more information, see Security Configuration Guide.
When users adopt the scheme mode to log in to the device, the level of the commands that the users can
access depends on the user privilege level defined in the AAA scheme.
When the AAA scheme is local, the user privilege level is defined by the authorization-attribute
•
level level command.
When the AAA scheme is RADIUS or HWTACACS, the user privilege level is configured on the
•
RADIUS or HWTACACS server.
For more information about AAA, RADIUS, and HWTACACS, see Security Configuration Guide.
After the configuration, when you log in to the device through modems, you are prompted to enter a
login username and password. A prompt such as <HP> appears after you input the password and
username and press Enter, as shown in
Use the command...
authentication default
{ hwtacacs-scheme
hwtacacs-scheme-name [ local ] |
local | none | radius-scheme
radius-scheme-name [ local ] }
quit
local-user user-name
password { cipher | simple }
password
authorization-attribute level level
service-type terminal
—
Figure
26.
59
Remarks
Required
By default, no local user exists.
Required
Optional
By default, the command level is 0.
Required
By default, no service type is specified.
Optional
See
"Configuring common settings for
modem login
(optional)."