Configuring common vty user, Interface settings (optional) – H3C Technologies H3C SecPath F1000-E User Manual
Page 33

25
Step Command
Remarks
8.
Apply an AAA authentication
scheme to the intended domain.
a.
Enter ISP domain view:
domain domain-name
b.
Apply an AAA scheme
to the domain:
authentication default
{ hwtacacs-scheme
hwtacacs-scheme-name
[ local ] | local | none |
radius-scheme
radius-scheme-name
[ local ] }
c.
Exit to system view:
quit
Optional.
By default, local authentication is
used.
For local authentication, configure
local user accounts.
For RADIUS or HWTACACS
authentication, configure the
RADIUS or HWTACACS scheme
on the device and configure
authentication settings (including
the username and password) on the
server.
For more information about AAA
configuration, see Access Control
Configuration Guide.
9.
Create a local user and enter
local user view.
local-user user-name
By default, no local user exists.
10.
Set the local password.
password { cipher | simple }
password
By default, no local password is set.
11.
Specifies the command level of
the local user.
authorization-attribute level
level
Optional.
By default, the command level is 0.
12.
Specify the service type for the
local user.
service-type telnet
By default, no service type is
specified.
13.
Exit to system view.
quit N/A
14.
Configure common settings for
VTY user interfaces.
Optional.
The next time you attempt to Telnet to the CLI, you must provide the configured login username and
password. If you are required to pass a second authentication, you must also provide the correct
password to access the CLI. If the maximum number of login users has been reached, your login attempt
fails and the message "All user interfaces are used, please try later!" appears.
When users adopt the scheme mode to log in to the device, the level of the commands that the users can
access depends on the user privilege level defined in the AAA scheme.
•
When the AAA scheme is local, the user privilege level is defined by the authorization-attribute
level level command.
•
When the AAA scheme is RADIUS or HWTACACS, the user privilege level is configured on the
RADIUS or HWTACACS server.
Configuring common VTY user interface settings (optional)
You might be unable to access the CLI through a VTY user interface after configuring the auto-execute
command command on it. Before you configure the command and save the configuration, make sure that
you can access the CLI through a different user interface.
To configure common settings for VTY user interfaces:
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS