Step
9.
Create local user and
enter local user view.
10.
Set local password.
11.
Specify command
level of the local user.
12.
Specify service type
for the local user.
13.
Exit to system view.
14.
Configure common
settings for VTY user
interfaces.
After you enable command authorization, you must perform the following configuration to make the function
take effect:
Create a HWTACACS scheme, and specify the IP address of the authorization server and other
•
authorization parameters. For more information, see Security Configuration Guide.
•
Reference the created HWTACACS scheme in the ISP domain. For more information, see Security
Configuration Guide.
After you enable command accounting, you must perform the following configuration to make the function
take effect:
Create a HWTACACS scheme, and specify the IP address of the accounting server and other
•
accounting parameters. For more information, see Security Configuration Guide.
•
Reference the created HWTACACS scheme in the ISP domain. For more information, see Security
Configuration Guide.
When users adopt the scheme mode to log in to the device, the level of the commands that the users can
access depends on the user privilege level defined in the AAA scheme.
•
When the AAA scheme is local, the user privilege level is defined by the authorization-attribute level
level.
When the AAA scheme is RADIUS or HWTACACS, the user privilege level is configured on the RADIUS
•
or HWTACACS server.
For more information about AAA, RADIUS, and HWTACACS, see Security Configuration Guide.
When you log in to the device through Telnet again:
You are required to enter the login username and password. A prompt such as <HP> appears after you
•
enter the correct username (for example, admin) and password and press Enter, as shown in
After entering the correct username and password, if the device prompts you to enter another password
•
of the specified type, you will be authenticated for the second time. In other words, to pass
authentication, you must enter a correct password as prompted.
If "All user interfaces are used, please try later!" is displayed, it means the current login users exceed the
•
maximum number. Please try later.
Command
Remarks
local-user user-name
By default, no local user exists.
Required.
password { cipher |
simple } password
By default, no local password is set.
Optional.
authorization-attrib
ute level level
By default, the command level is 0.
Required.
service-type telnet
By default, no service type is specified.
quit
—
Optional.
—
See
(optional)."
43
"Configuring common settings for VTY user interfaces
Figure
13.