H3C Technologies H3C SecBlade LB Cards User Manual

Configuring a user privilege level for users through the AAA module
Step / Command / Remarks

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Enter user interface view.
   Command: user-interface { first-num1 [ last-num1 ] | { aux | console | vty } first-num2 [ last-num2 ] }
   Remarks: Only LB cards support AUX user interfaces.

3. Specify the scheme authentication mode.
   Command: authentication-mode scheme
   Remarks: By default, the authentication mode is scheme for VTY users and none for console and AUX users.

4. Return to system view.
   Command: quit
   Remarks: N/A

5. Configure the authentication mode for SSH users as password.
   Command: For more information, see Security Configuration Guide.
   Remarks: This task is required only for SSH users who are required to provide their usernames and passwords for authentication.

6. Configure the user privilege level through the AAA module.
   Command:
   • To use local authentication:
     a. Use the local-user command to create a local user and enter local user view.
     b. Use the level keyword in the authorization-attribute command to configure the user privilege level.
   • To use remote authentication (RADIUS or HWTACACS):
     Configure the user privilege level on the authentication server.
   Remarks: Use either approach.
   For local authentication, if you do not configure the user privilege level, the user privilege level is 0.
   For remote authentication, if you do not configure the user privilege level, the user privilege level depends on the default configuration of the authentication server.
   For more information about the local-user and authorization-attribute commands, see Security Command Reference.
For example:
# Configure the device to use local authentication for Telnet users on VTY 1.
[Sysname] user-interface vty 1
[Sysname-ui-vty1] authentication-mode scheme
[Sysname-ui-vty1] quit
[Sysname] local-user test
[Sysname-luser-test] password simple 123
[Sysname-luser-test] service-type telnet
When users Telnet to the device through VTY 1, they must enter username test and password 123. After passing the authentication, the users can only use level-0 commands.
# Assign commands of levels 0 through 3 to the users.
[Sysname-luser-test] authorization-attribute level 3
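
The following Python script is an added example, not part of the H3C manual: it reads a saved configuration and reports the privilege level each local user receives and the authentication mode of each user interface, applying the defaults stated in the procedure above. It assumes each view's commands appear indented under the command that opens the view; the sample configuration and the user name admin2 are constructed for illustration.

```python
import re

# Defaults stated in the procedure above.
DEFAULT_AUTH_MODE = {"vty": "scheme", "console": "none", "aux": "none"}
DEFAULT_LOCAL_LEVEL = 0
HIGHEST_LEVEL = 3  # the page's example assigns levels 0 through 3

# Constructed sample; the indented layout is an assumption about the saved file.
SAMPLE_CONFIG = """\
local-user test
 service-type telnet
local-user admin2
 authorization-attribute level 3
#
user-interface aux 0
user-interface vty 0 1
 authentication-mode scheme
user-interface vty 2
 authentication-mode none
"""

def parse_sections(text):
    """Group indented lines under the unindented command that opens each view."""
    sections = []
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "#":
            continue
        if not raw[0].isspace():
            sections.append((raw.split(), []))
        elif sections:
            sections[-1][1].append(raw.strip())
    return sections

def audit(text):
    """Return (local-user levels, user-interface auth modes, findings).
    Interfaces given by absolute number are skipped: the line does not show their type."""
    levels, modes, findings = {}, {}, []
    for head, body in parse_sections(text):
        joined = "\n".join(body)
        if head[0] == "local-user" and len(head) > 1:
            nums = re.findall(r"^authorization-attribute\b.*\blevel (\d+)", joined, re.M)
            levels[head[1]] = int(nums[-1]) if nums else DEFAULT_LOCAL_LEVEL
            if levels[head[1]] >= HIGHEST_LEVEL:
                findings.append(f"local-user {head[1]}: level {levels[head[1]]}")
        elif head[0] == "user-interface" and len(head) > 1 and head[1] in DEFAULT_AUTH_MODE:
            name = " ".join(head[1:])
            set_modes = re.findall(r"^authentication-mode (\S+)", joined, re.M)
            modes[name] = set_modes[-1] if set_modes else DEFAULT_AUTH_MODE[head[1]]
            if modes[name] == "none":
                findings.append(f"user-interface {name}: authentication-mode none")
    return levels, modes, findings
```

Calling audit(SAMPLE_CONFIG) shows user test at the default level 0, admin2 at level 3, and both aux 0 (by default) and vty 2 (explicitly) accepting logins without authentication.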