H3C S5500-HI Series Fundamentals Configuration Manual page 44
Hide thumbs
Also See for S5500-HI Series:
- Mpls configuration manual (400 pages) ,
- Command reference manual (311 pages) ,
- Fundamentals configuration manual (165 pages)
Table of Contents
Advertisement
To do...
Enter the ISP
domain view
Apply the
Configure
specified AAA
the
scheme to the
authentica
domain
tion mode
Exit to system view
Create a local user and enter
local user view
Set the authentication password
for the local user
Specifies the command level of
the local user
Specify the service type for the
local user
Configure common settings for
console login
After you enable command authorization or command accounting, you need to perform the following
configuration to make the function take effect:
Create a HWTACACS scheme, and specify the IP address of the authorization server and other
•
authorization parameters.
•
Reference the created HWTACACS scheme in the ISP domain.
For more information, see Security Configuration Guide.
When users adopt the scheme mode to log in to the device, the level of the commands that the users can
access depends on the user privilege level defined in the AAA scheme.
When the AAA scheme is local, the user privilege level is defined by the authorization-attribute
•
level level command.
•
When the AAA scheme is RADIUS or HWTACACS, the user privilege level is configured on the
RADIUS or HWTACACS server.
For more information about AAA, RADIUS, and HWTACACS, see Security Configuration Guide.
•
After the configuration, when you log in to the device through the console port, you are prompted to enter
a login username and password. A prompt such as <H3C> appears after you enter the password and
username and press Enter, as shown in
Use the command...
domain domain-name
authentication default
{ hwtacacs-scheme
hwtacacs-scheme-name
[ local ] | local | none |
radius-scheme
radius-scheme-name
[ local ] }
quit
local-user user-name
password { cipher |
simple } password
authorization-attribute
level level
service-type terminal
—
Figure 1
1.
33
Remarks
Optional
By default, the AAA scheme is local.
If you specify the local AAA scheme, you
need to perform local user configuration. If
you specify an existing scheme by providing
the radius-scheme-name argument, perform
the following configuration as well:
•
For RADIUS and HWTACACS
configuration, see Security Configuration
Guide.
•
Configure the username and password on
the AAA server. (For more information, see
Security Configuration Guide.)
Required
By default, no local user exists.
Required
Optional
By default, the command level is 0.
Required
By default, no service type is specified.
Optional
See
"Configuring common settings for
console login
(optional)."
Advertisement
Table of Contents
