Figure 10 Password authentication interface for Telnet login
Configuring scheme authentication for Telnet login
When scheme authentication is used, you can configure the command authorization and command
accounting functions.
If command authorization is enabled, a command is available only if the user has the correct user
privilege level and is authorized to use the command by the AAA scheme.
Command accounting allows the HWTACACS server to record commands executed by users. This
function helps control and monitor user behavior on the device. If command accounting is enabled and
command authorization is not enabled, every executed command is recorded on the HWTACACS server.
If both command accounting and command authorization are enabled, only the authorized and
executed commands are recorded on the HWTACACS server.
Follow these guidelines when you configure scheme authentication for Telnet login:
• To make the command authorization or command accounting function take effect, apply an
  HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the
  authorization server and other authorization parameters.
• If the local authentication scheme is used, use the authorization-attribute level level command in
  local user view to set the user privilege level on the device.
• If a RADIUS or HWTACACS authentication scheme is used, set the user privilege level on the
  RADIUS or HWTACACS server.
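The first guideline, shown as a configuration sketch. This is an added example, not taken from this guide: the scheme name tac1, the server address 192.0.2.10, the placeholder key, the use of the default ISP domain system, and the VTY range 0 4 are all assumptions, and the lines starting with # are annotations rather than commands to type.

```comware
# Enter system view and make sure the Telnet server is on.
system-view
telnet server enable

# HWTACACS scheme (assumed name: tac1). The authorization server address
# is what command authorization depends on; the accounting server address
# is what command accounting depends on.
hwtacacs scheme tac1
 primary authentication 192.0.2.10
 primary authorization 192.0.2.10
 primary accounting 192.0.2.10
 key authentication simple <shared-key-placeholder>
 key authorization simple <shared-key-placeholder>
 key accounting simple <shared-key-placeholder>
 user-name-format without-domain
 quit

# Apply the scheme to the ISP domain the Telnet users log in to
# (assumed here to be the default domain, system).
domain system
 authentication login hwtacacs-scheme tac1 local
 authorization login hwtacacs-scheme tac1 local
 # Without the next two lines, "command authorization" and
 # "command accounting" on the VTY lines have no scheme to use.
 authorization command hwtacacs-scheme tac1
 accounting command hwtacacs-scheme tac1
 quit

# VTY user interfaces: scheme authentication plus per-command
# authorization and accounting.
user-interface vty 0 4
 authentication-mode scheme
 command authorization
 command accounting
 quit
```

With both command authorization and command accounting enabled as above, only commands that were authorized and executed are recorded on the HWTACACS server. With command accounting alone, every executed command is recorded.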
To configure scheme authentication for Telnet login:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable Telnet server. | telnet server enable | Optional. By default, the Telnet server function is enabled. |
| 3. Enter one or multiple VTY user interface views. | user-interface vty first-number [ last-number ] | N/A |