Download Print this page

H3C SR6600 Fundamentals Configuration Manual page 45

Hide thumbs Also See for SR6600:

Command reference manual (265 pages)

,

Configuration manual (145 pages)

,

Manual (80 pages)

Table Of Contents

page of 184

/ 184
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

To do...

Enable command authorization

Enable command accounting

Return to system view

Enter the ISP

domain view

Apply the specified

AAA scheme to

the domain

Configure

the

authentic

ation

mode

Exit to system

view

Create a local user and enter

local user view

Use the command...

command authorization

command accounting

quit

domain domain-name

authentication default

{ hwtacacs-scheme

hwtacacs-scheme-name [ local ] |

local | none | radius-scheme

radius-scheme-name [ local ] }

quit

local-user user-name

3-34

Remarks

Optional

By

default,

authorization is not enabled.

By default, the command level

depends on the user privilege

level. A user is authorized a

command level not higher than

the user privilege level. With

command authorization enabled,

the command level for a login

user is determined by both the

user privilege level and AAA

authorization. If a user executes

a command of the corresponding

command level, the authorization

server

checks

whether

command is authorized. If yes,

the command can be executed.

Optional

By default, command accounting

is

disabled.

The

server does not record the

commands executed by users.

Command accounting allows the

HWTACACS server to record all

the commands executed

users, regardless of command

execution results. This helps

control

and

monitor

operations on the device. If

command accounting is enabled

and command authorization is

not enabled, every executed

command is recorded on the

HWTACACS

server.

command

accounting

command

authorization

enabled, only the authorized and

executed

commands

recorded on the HWTACACS

server.

—

Optional

By default, the AAA scheme is local.

If you specify the local AAA scheme,

you need to perform local user

configuration. If you specify an

existing scheme by providing the

radius-scheme-name argument,

perform the following configuration

as well:

For RADIUS and HWTACACS

configuration, see AAA in the

Security Configuration Guide.

Configure the username and

password accordingly on the

AAA

server.

(For

information, see AAA in the

Security Configuration Guide.)

Required

By default, no local user exists.

command

the

accounting

by

user

If

both

and

are

are

more

Table of Contents

Advertisement

Table of Contents

Related Products for H3C SR6600