H3C Technologies H3C SecPath F1000-E User Manual

| To do… | Use the command… | Remarks |
|---|---|---|
| Using remote authentication (RADIUS, HWTACACS, and LDAP authentications) | Configure user level on the authentication server | For remote authentication, if you do not configure the user level, the user level depends on the default configuration of the authentication server. |

NOTE:

For more information about user interfaces, see User Interface Configuration in the System Volume. For more information about the user-interface, authentication-mode and user privilege level commands, see User Interface Commands in the System Volume.

For more information about AAA authentication, see RADIUS Configuration in the Firewall Web Configuration Manual.

For more information about SSH, see SSH 2.0 Configuration in the Security Volume.

Example of configuring user privilege level by using AAA authentication parameters

# Authenticate the users that telnet to the device through VTY 1, verify their usernames and passwords locally, and specify the user privilege level as 3.

<Sysname> system-view
[Sysname] user-interface vty 1
[Sysname-ui-vty1] authentication-mode scheme
[Sysname-ui-vty1] quit
[Sysname] local-user test
[Sysname-luser-test] password cipher 123
[Sysname-luser-test] service-type telnet

After this configuration, users who telnet to the device through VTY 1 must enter the username test and the password 123. Once authenticated, they can use only the commands of level 0.

If the users need to use commands of levels 0, 1, 2 and 3, the following configuration is required:

[Sysname-luser-test] authorization-attribute level 3

Configure the user privilege level under a user interface

If the user interface authentication mode is scheme when a user logs in, and the SSH publickey authentication type is adopted (only a username is needed for this authentication type), the user privilege level is the user interface level.

If a user logs in by using the none or password mode (that is, no username is needed), the user privilege level is the user interface level.
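The rules above for where a login's privilege level comes from, as an added Python example that is not part of the H3C manual: it parses a constructed configuration listing and reports the source and level for a given login. The function names, the sample listing, and the treatment of a scheme-mode user without a local-user entry as remotely authenticated are assumptions.

```python
import re

# Constructed sample listing; it uses only commands named on this page.
SAMPLE = """\
user-interface vty 0
 authentication-mode password
 user privilege level 3
user-interface vty 1
 authentication-mode scheme
local-user test
 password cipher 123
 service-type telnet
local-user admin
 authorization-attribute level 3
"""

def parse(config):
    """Collect settings per single user interface and per local user."""
    interfaces, users, cur = {}, {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"user-interface (\w+ \d+)", line):
            # level None: not set in the listing (device default not given on the page)
            cur = interfaces.setdefault(m[1], {"mode": None, "level": None})
        elif m := re.fullmatch(r"local-user (\S+)", line):
            # per the page, a local user without authorization-attribute gets level 0
            cur = users.setdefault(m[1], {"level": 0})
        elif m := re.fullmatch(r"authentication-mode (\w+)", line):
            cur["mode"] = m[1]
        elif m := re.fullmatch(r"(?:user privilege|authorization-attribute) level (\d+)", line):
            cur["level"] = int(m[1])
    return interfaces, users

def effective_level(interfaces, users, ui, username=None, publickey=False):
    """Return (source, level) for a login on `ui`, following the page's rules."""
    mode, ui_level = interfaces[ui]["mode"], interfaces[ui]["level"]
    if mode in ("none", "password") or (mode == "scheme" and publickey):
        return "user-interface", ui_level
    if mode == "scheme" and username in users:
        return "local-user", users[username]["level"]
    if mode == "scheme":
        # Assumption: no local-user entry means remote authentication (level set on the server).
        return "authentication-server", None
    return "unknown", None

def shared_high_level(interfaces, threshold=3):
    """User interfaces that grant level >= threshold to logins without a username."""
    return sorted(ui for ui, s in interfaces.items()
                  if s["mode"] in ("none", "password") and (s["level"] or 0) >= threshold)
```

Pass the two dictionaries from parse(SAMPLE) to effective_level: user test on vty 1 resolves to ("local-user", 0), which matches the manual's statement that the user is limited to level 0 until authorization-attribute level 3 is set.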

Follow these steps to configure the user privilege level under a user interface (SSH publickey authentication type):