beautypg.com

H3C Technologies H3C SecBlade LB Cards User Manual

Page 32

background image

22

Step Command

Remarks

4.

Enable scheme
authentication.

authentication-mode scheme

Whether local, RADIUS, or
HWTACACS authentication is adopted
depends on the configured AAA

scheme.
By default, local authentication is

adopted.

5.

Enable command
authorization.

command authorization

Optional.
By default, command authorization is

disabled. The commands available for

a user only depend on the user
privilege level.

6.

Enable command

accounting.

command accounting

Optional.
By default, command accounting is
disabled. The accounting server does

not record the commands executed by

users.

7.

Exit to system view.

quit

N/A

8.

Apply an AAA

authentication scheme to
the intended domain.

a.

Enter ISP domain view:

domain domain-name

b.

Apply an AAA scheme to

the domain:
authentication default

{ hwtacacs-scheme

hwtacacs-scheme-name
[ local ] | local | none |

radius-scheme

radius-scheme-name

[ local ] }

c.

Exit to system view:

quit

Optional.
By default, local authentication is used.
For local authentication, configure
local user accounts.
For RADIUS or HWTACACS

authentication, configure the RADIUS
or HWTACACS scheme on the LB

product and configure authentication

settings (including the username and
password) on the server.
For more information about AAA
configuration, see Security

Configuration Guide.

9.

Create a local user and

enter local user view.

local-user user-name

By default, there is a local user named
admin.

10.

Set a password.

password [ [ hash ] { cipher |
simple } password ]

By default, no password is set.

11.

Specify the command
level of the local user.

authorization-attribute level level

Optional.
By default, the command level is 0.

12.

Specify Telnet service for

the local user.

service-type telnet

By default, no service type is specified.

13.

Exit to system view.

quit N/A

14.

Configure common
settings for VTY user

interfaces.

See "

Configuring common VTY user

interface settings (optional)

."

Optional.

The next time you attempt to Telnet to the CLI, you must provide the configured login username and

password, as shown in

Figure 19

. If you are required to pass a second authentication, you must also

provide the correct password to access the CLI. If the maximum number of login users has been reached,

your login attempt fails and the message "All user interfaces are used, please try later!" appears.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: