Configuration Example - HP FlexFabric 7900 Series Configuration Manual

Step
3. Enable scheme
authentication.
4. Enable command
authorization.

Configuration example

Network requirements
Configure the device in
commands that are authorized by the HWTACACS server or, when the HWTACACS server is not
available, the device itself.
Figure 17 Network diagram
Configuration procedure
# Assign IP addresses to relevant interfaces and make sure the device and the HWTACACS server can
reach each other and the device and Host A can reach each other. (Details not shown.)
# Enable the Telnet server.
<Device> system-view
[Device] telnet server enable
# Enable scheme authentication for user lines VTY 0 through VTY 63.
[Device] line vty 0 63
Command
authentication-mode scheme
command authorization
Figure 17 so a user can use Host A to log in to the device and execute only
42
Remarks
By default, authentication is disabled for
the AUX line and password authentication
is enabled for the VTY line.
In VTY line view, this command is
associated with the protocol inbound
command. If you specify a non-default
value for only one of the two commands in
VTY line view, the other command uses the
default setting, regardless of the setting in
VTY line class view.
By default, command authorization is
disabled, and the commands available for
a user only depend on the user role.
If the command authorization command is
configured in user line class view,
command authorization is enabled on all
user lines in the class, and you cannot
configure the undo command
authorization command in the view of a
user line in the class.