H3C Technologies H3C SecPath F1000-E User Manual
Page 32
24
Step Command
Remarks
4.
Specify the scheme
authentication mode.
authentication-mode scheme
Whether local, RADIUS, or
HWTACACS authentication is
adopted depends on the
configured AAA scheme.
By default, local authentication is
adopted.
5.
Enable command authorization. command authorization
Optional.
By default, command authorization
is not enabled.
Create a HWTACACS scheme,
and specify the IP address of the
authorization server and other
authorization parameters. For more
information, see Access Control
Configuration Guide.
Reference the created HWTACACS
scheme in the ISP domain. For more
information, see Access Control
Configuration Guide.
6.
Enable command accounting.
command accounting
Optional.
By default, command accounting is
disabled. The accounting server
does not record the commands
executed by users.
Command accounting allows the
HWTACACS server to record all
executed commands that are
supported by the device,
regardless of the command
execution result. This helps control
and monitor user operations on the
device. If command accounting is
enabled and command
authorization is not enabled, every
executed command is recorded on
the HWTACACS server. If both
command accounting and
command authorization are
enabled, only the authorized and
executed commands are recorded
on the HWTACACS server.
7.
Exit to system view.
quit
N/A
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS