# Create a local user named guest and enter local user view.
[Sysname] local-user guest
# Set the authentication password to 123456 (in plain text).
[Sysname-luser-guest] password simple 123456
# Set the service type to Terminal.
[Sysname-luser-guest] service-type terminal
# Enter AUX user interface view.
[Sysname] user-interface aux 0
# Configure to authenticate the user logging in through the Console port in the scheme mode.
[Sysname-ui-aux0] authentication-mode scheme
# Set the baud rate of the Console port to 19200 bps.
[Sysname-ui-aux0] speed 19200
# Set the maximum number of lines the screen can contain to 30.
[Sysname-ui-aux0] screen-length 30
# Set the maximum number of commands the history command buffer can store to 20.
[Sysname-ui-aux0] history-command max-size 20
# Set the timeout time of the AUX user interface to 6 minutes.
[Sysname-ui-aux0] idle-timeout 6
Configure the authentication scheme
Configure the authentication server by referring to related parts in AAA Configuration.
After the above configurations, you need to modify the configurations of the terminal emulation utility
running on the user PC accordingly, as shown in
configurations of the terminal emulation utility and those of the switch. Otherwise, you will fail to log in to
Configuring Command Authorization
By default, command level for a login user depends on the user level. The user is authorized the
command with the default level not higher than the user level. With the command authorization
configured, the command level for a login user is decided by both the user level and AAA authorization.
If a user executes a command of the corresponding user level, the authorization server checks whether
the command is authorized. If yes, the command can be executed.
The authorization server checks the commands authorized for users through the username, and thus
the command authorization configuration involves four steps:
Configure the authentication mode as scheme (that is, use username and password are required
for authentication) when users log in.
Enable command authorization. See the following table for details.
Configure a HWTACACS scheme. Specify the IP addresses of the HWTACACS authorization
servers and other related parameters.
Configure the ISP domain to use the HWTACACS scheme for command line users. For details,
refer to the section Configuring AAA Authorization Methods for an ISP Domain of AAA
Configuration in the Security Volume.
2-4, thus ensuring the consistency between the