H3C Technologies H3C S7500E Series Switches User Manual
| To do… | Use the command… | Remarks |
|---|---|---|
| Specify the scheme authentication mode | authentication-mode scheme | Required. By default, the authentication mode for VTY and AUX users is password, and no authentication is needed for console and TTY login users. |
| Return to system view | quit | — |
| Configure the authentication mode for SSH users as password | For more information, see SSH2.0 Configuration in the Security Configuration Guide. | Required if users use SSH to log in, and username and password are needed at authentication |
| Configure the user privilege level by using AAA authentication parameters: using local authentication | Use the local-user command to create a local user and enter local user view. Use the level keyword in the authorization-attribute command to configure the user privilege level. | Use either approach. For local authentication, if you do not configure the user privilege level, the user privilege level is 0, that is, users of this level can use commands at level 0 only. |
| Configure the user privilege level by using AAA authentication parameters: using remote authentication (RADIUS, HWTACACS, and LDAP authentications) | Configure the user privilege level on the authentication server | Use either approach. For remote authentication, if you do not configure the user privilege level, the user privilege level depends on the default configuration of the authentication server. |
Example of configuring a user privilege level by using AAA authentication parameters
# Authenticate the users that telnet to the switch through VTY 1 by verifying their username and password, and specify the user privilege level as 3.
[Sysname] user-interface vty 1
[Sysname-ui-vty1] authentication-mode scheme
[Sysname-ui-vty1] quit
[Sysname] local-user test
[Sysname-luser-test] password cipher 12345678
[Sysname-luser-test] service-type telnet
After the above configuration, users who telnet to the switch through VTY 1 must enter the username test and the password 12345678. After passing authentication, they can use only the commands of level 0. For the users to use the commands of levels 0, 1, 2 and 3, the following configuration is required:
[Sysname-luser-test] authorization-attribute level 3
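As an added illustration (not part of the H3C manual), the following Python code replays a command session like the example above and reports the authentication mode each user interface ends up with and the privilege level each local user gets, applying the defaults stated in the table. The function names, the constants and the extra vty 2 lines in the sample are assumptions made for this example.

```python
import re

# Defaults stated on this page: VTY and AUX default to password authentication,
# console and TTY need none, and a local user with no level configured gets level 0.
DEFAULT_MODE = {"vty": "password", "aux": "password", "console": "none", "tty": "none"}
DEFAULT_LEVEL = 0

def audit(session):
    """Replay command lines (prompt optional); return ({interface: mode}, {user: level})."""
    interfaces, users, kind, target = {}, {}, None, None
    for raw in session.splitlines():
        # Drop a leading "[Sysname-...]" or "<Sysname>" prompt, then tokenize.
        words = re.sub(r"^\s*[\[<][^\]>]*[\]>]", "", raw).split() or [""]
        if words[0] == "user-interface" and len(words) >= 3:
            kind, target = "ui", " ".join(words[1:]).lower()
            interfaces.setdefault(target, DEFAULT_MODE.get(words[1].lower(), "unknown"))
        elif words[0] == "local-user" and len(words) >= 2:
            kind, target = "user", words[1]
            users.setdefault(target, DEFAULT_LEVEL)
        elif words[0] == "quit":
            kind, target = None, None  # back to system view
        elif kind == "ui" and words[0] == "authentication-mode" and len(words) >= 2:
            interfaces[target] = words[1]
        elif kind == "user" and words[:2] == ["authorization-attribute", "level"] and len(words) > 2:
            users[target] = int(words[2])
    return interfaces, users

def findings(session):
    """List user interfaces not using scheme authentication and users held at level 0."""
    interfaces, users = audit(session)
    out = [f"user-interface {n}: authentication-mode {m}, not scheme"
           for n, m in interfaces.items() if m != "scheme"]
    out += [f"local-user {u}: level {DEFAULT_LEVEL} commands only"
            for u, lvl in users.items() if lvl == DEFAULT_LEVEL]
    return out

# Constructed sample: the page's example session plus one VTY line left at its default.
SAMPLE = """\
[Sysname] user-interface vty 1
[Sysname-ui-vty1] authentication-mode scheme
[Sysname-ui-vty1] quit
[Sysname] user-interface vty 2
[Sysname-ui-vty2] quit
[Sysname] local-user test
[Sysname-luser-test] password cipher 12345678
[Sysname-luser-test] service-type telnet
"""
LEVEL_3 = "[Sysname-luser-test] authorization-attribute level 3\n"

if __name__ == "__main__":
    print(findings(SAMPLE), findings(SAMPLE + LEVEL_3), sep="\n")
```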