beautypg.com

H3C Technologies H3C SecBlade LB Cards User Manual

Page 90

background image

80

To avoid problems, H3C recommends that administrators log in with a lower privilege level to view

switch operating parameters, and switch to a higher level temporarily only when they must maintain the
device.
When administrators must leave for a while or ask someone else to manage the device temporarily, they

can switch to a lower privilege level before they leave to restrict the operation by others.

Configuring the authentication parameters for user privilege level switching

A user can switch to a lower privilege level without authentication. To switch to a higher privilege level,
however, a user must provide the privilege level switching authentication information (if any).

Table 16

shows the privilege level switching authentication modes supported by the device.

Table 16 Privilege level switching authentication modes

Authentication

mode

Keywords Description

Local password
authentication
only (local-only)

local

The device uses the locally configured passwords for privilege level
switching authentication.
To use this mode, you must set the passwords for privilege level switching
using the super password command.

Remote AAA
authentication

through
HWTACACS or

RADIUS

scheme

The device sends the username and password for privilege level switching to
the HWTACACS or RADIUS server for remote authentication.
To use this mode, you must perform the following configuration tasks:

Configure the required HWTACACS or RADIUS schemes and configure

the ISP domain to use the schemes for users. For more information, see
Security Configuration Guide.

Add user accounts and specify the user passwords on the HWTACACS or

RADIUS server.

Local password
authentication
first and then

remote AAA

authentication

local
scheme

The device first uses the locally configured passwords for privilege level
switching authentication. If no local password is set, the device allows

console users to switch their privilege levels without authentication, but
performs AAA authentication for AUX and VTY users.

Remote AAA
authentication
first and then

local password

authentication

scheme
local

AAA authentication is performed first, and if the remote HWTACACS or
RADIUS server does not respond or AAA configuration on the device is

invalid, the local password authentication is performed.

To configure the authentication parameters for a user privilege level:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Set the authentication
mode for user privilege

level switching.

super authentication-mode
{ local | scheme } *

Optional.
By default, local-only authentication is used.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: