
H3C Technologies H3C S5120 Series Switches User Manual


| To do… | Use the command… | Remarks |
|---|---|---|
| Exit to system view | quit | |
| Configure the authentication mode for SSH users as password | For the details, refer to SSH 2.0 Configuration. | Required if users use SSH to log in, and username and password are needed at authentication |
| Configure the user privilege level by using AAA authentication parameters: using local authentication | • Use the local-user command to create a local user and enter local user view. • Use the level keyword in the authorization-attribute command to configure the user level. | Use either approach. For local authentication, if you do not configure the user level, the user level is 0, that is, users of this level can use commands with level 0 only. |
| Configure the user privilege level by using AAA authentication parameters: using remote authentication (RADIUS) | Configure user level on the authentication server | Use either approach. For remote authentication, if you do not configure the user level, the user level depends on the default configuration of the authentication server. |

• For the description of user interface, refer to User Login Configuration; for the description of the user-interface, authentication-mode and user privilege level commands, refer to Login Commands.

• For the introduction to AAA authentication, refer to AAA Configuration; for the description of the local-user and authorization-attribute commands, refer to AAA Commands.

• For the introduction to SSH, refer to SSH 2.0 Configuration.

Example of configuring user privilege level by using AAA authentication parameters

# Authenticate the users telnetting to the device through VTY 1, verify their usernames and passwords locally, and specify the user privilege level as 3.

<Sysname> system-view
[Sysname] user-interface vty 1
[Sysname-ui-vty1] authentication-mode scheme
[Sysname-ui-vty1] quit
[Sysname] local-user test
[Sysname-luser-test] password cipher 123
[Sysname-luser-test] service-type telnet

After the above configuration, when users telnet to the device through VTY 1, they need to input username test and password 123. After passing authentication, users can use only the commands of level 0. If the users need to use commands of levels 0, 1, 2 and 3, the following configuration is required:

[Sysname-luser-test] authorization-attribute level 3
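
The rule above, that a local user without authorization-attribute level gets level 0, can be checked across a saved configuration. The following Python is an added example, not from the H3C manual; it assumes the configuration text consists of unindented section headers followed by indented commands, and the sample configuration and the max_level policy threshold are constructed for illustration.

```python
import re

# Constructed sample: unindented section headers, indented commands (assumed layout).
SAMPLE_CONFIG = """\
local-user test
 password cipher 123
 service-type telnet
local-user admin
 password cipher 456
 authorization-attribute level 3
 service-type ssh telnet
user-interface vty 1
 authentication-mode scheme
"""

def parse_local_users(config):
    """Return {username: {"level": int, "services": set}} from local-user sections."""
    users, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # a new top-level section starts here
            m = re.match(r"local-user\s+(\S+)", line)
            current = m.group(1) if m else None
            if current:
                # Per the page: with local authentication an unset level is 0.
                users[current] = {"level": 0, "services": set()}
        elif current:
            words = line.split()
            if words[0] == "authorization-attribute" and "level" in words[1:-1]:
                users[current]["level"] = int(words[words.index("level") + 1])
            elif words[0] == "service-type":
                users[current]["services"].update(words[1:])
    return users

def audit(config, max_level=2):
    """Flag users above max_level (a hypothetical policy) or allowed to use Telnet."""
    findings = []
    for name, u in sorted(parse_local_users(config).items()):
        if u["level"] > max_level:
            findings.append((name, f"level {u['level']} exceeds {max_level}"))
        if "telnet" in u["services"]:
            findings.append((name, "telnet allowed (credentials sent in cleartext)"))
    return findings

if __name__ == "__main__":
    for user, issue in audit(SAMPLE_CONFIG):
        print(f"{user}: {issue}")
```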