R3166-R3206-HP High-End Firewalls Getting Started Guide-6PW101
18
To do… Use the command…
Remarks
Enable command
authorization
command authorization
Optional
• By default, command authorization is not
enabled.
• By default, the command level depends on the
user privilege level. A user is authorized a
command level not higher than the user privilege
level. With command authorization enabled, the
command level for a login user is determined by
both the user privilege level and AAA
authorization. If a user executes a command of
the corresponding command level, the
authorization server checks whether the
command is authorized. If yes, the command
can be executed.
Enable command
accounting
command accounting
Optional
• By default, command accounting is disabled.
The accounting server does not record the
commands executed by users.
• Command accounting allows the HWTACACS
server to record all the commands executed by
users, regardless of command execution results.
This helps control and monitor user operations
on the device. If command accounting is
enabled and command authorization is not
enabled, every executed command is recorded
on the HWTACACS server. If both command
accounting and command authorization are
enabled, only the authorized and executed
commands are recorded on the HWTACACS
server.
Return to system view quit —
Configure
the
authentica
tion mode
Enter the
ISP domain
view
domain domain-name
Optional
By default, the AAA scheme is local.
Apply the
specified
AAA
scheme to
the domain
authentication default
{ hwtacacs-scheme
hwtacacs-scheme-name
[ local ] | local | none |
radius-scheme
radius-scheme-name
[ local ] }
Exit to
system
view
quit
Create a local user and
enter local user view
local-user user-name
Required
By default, no local user exists.
Set the authentication
password for the local
user
password { cipher |
simple } password
Required