Download Print this page

H3C S5500-HI Series Fundamentals Configuration Manual page 52

Hide thumbs Also See for S5500-HI Series:

Mpls configuration manual (400 pages)

,

Command reference manual (311 pages)

,

Fundamentals configuration manual (165 pages)

Table Of Contents

page of 180

/ 180
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

To do...

Enable command authorization

Enable command accounting

Exit to system view

Enter the default ISP

domain view

Specify the AAA

Configure

scheme to be

the

applied to the

authentic

domain

ation

mode

Exit to system view

Create a local user and enter

local user view

Set the local password

Use the command...

command authorization

command accounting

quit

domain domain-name

authentication default

{ hwtacacs-scheme

hwtacacs-scheme-name

[ local ] | local | none |

radius-scheme

radius-scheme-name

[ local ] }

quit

local-user user-name

password { cipher |

simple } password

41

Remarks

Optional

By default, command authorization is not

enabled.

•

Create a HWTACACS scheme, and

specify the IP address of the authorization

server and other authorization

parameters. For more information, see

Security Configuration Guide.

•

Reference the created HWTACACS

scheme in the ISP domain. For more

information, see Security Configuration

Guide.

Optional

•

By default, command accounting is

disabled. The accounting server does not

record the commands executed by users.

•

Command accounting allows the

HWTACACS server to record all executed

commands that are supported by the

device, regardless of the command

execution result. This helps control and

monitor user operations on the device. If

command accounting is enabled and

command authorization is not enabled,

every executed command is recorded on

the HWTACACS server. If both command

accounting and command authorization

are enabled, only the authorized and

executed commands are recorded on the

HWTACACS server.

—

Optional

By default, the AAA scheme is local.

If you specify the local AAA scheme, perform

the configuration concerning local user as

well. If you specify an existing scheme by

providing the radius-scheme-name argument,

perform the following configuration as well:

•

For RADIUS and HWTACACS

configuration, see Security Configuration

Guide.

•

Configure the username and password on

the AAA server. (For more information, see

Security Configuration Guide.)

By default, no local user exists.

Required

By default, no local password is set.

Table of Contents

Advertisement

Table of Contents

Related Products for H3C S5500-HI Series