Configuring command accounting – H3C Technologies H3C SecPath F1000-E User Manual

11

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter user interface view

user-interface { first-num1
[ last-num1 ] | { aux | console |
vty } first-num2 [ last-num2 ] }

—

Enable command authorization

command authorization

Required
Disabled by default, which means
users can execute commands

without authorization.

Configuring Command Accounting

Command accounting allows the HWTACACS server to record all executed commands that are
supported by the device, regardless of the command execution result. This helps control and monitor user
operations on the device.

If command accounting is enabled and command authorization is not enabled, every executed
command is recorded on the HWTACACS server. If both command accounting and command
authorization are enabled, only the authorized and executed commands are recorded on the
HWTACACS server.

The command accounting configuration involves three steps:

1.

Enable command accounting. See the following table for details.

2.

Configure a HWTACACS scheme. Specify the IP addresses of the HWTACACS accounting
servers and other related parameters.

3.

Configure the ISP domain to use the HWTACACS scheme for command line users. For more
information about HWTACACS configurations, see HWTACACS Configuration in the Firewall
Web Configuration Manual.

Follow these steps to enable command accounting:

To do…

Use the command…

Remarks

Enter system view

system-view

––

Enter user interface view

user-interface { first-num1
[ last-num1 ] | { aux | console |
vty } first-num2 [ last-num2 ] }

––

Enable command accounting

command accounting

Required
Disabled by default, which means
the accounting server does not

record the commands the users

execute.