R3166-R3206-HP High-End Firewalls Getting Started Guide-6PW101
28
After you enable command authorization or command accounting, you need to perform the following
configuration to make the function take effect:
• Create a HWTACACS scheme, and specify the IP address of the authorization server and other
authorization parameters.
• Reference the created HWTACACS scheme in the ISP domain.
When users adopt the scheme mode to log in to the device, the level of the commands that the users can
access depends on the user privilege level defined in the AAA scheme.
• When the AAA scheme is local, the user privilege level is defined by the authorization-attribute
level level command.
• When the AAA scheme is RADIUS or HWTACACS, the user privilege level is configured on the
RADIUS or HWTACACS server.
When you log in to the device through Telnet again:
• You are required to enter the login username and password. A prompt such as <HP> appears after
you enter the correct username (for example, admin) and password and press Enter, as shown
in Figure 20.
• A
fter you enter the correct username and password, if the device prompts you to enter another
password of the specified type, you will be authenticated for the second time. In other words, to
pass authentication, you must enter a correct password as prompted.
• If “All user interfaces are used, please try later!” is displayed, it means the current login users
exceed the maximum number. Please try later.
Figure 20 Configuration page
Configuring common settings for VTY user interfaces (optional)
Follow these steps to configure Common settings for VTY user interfaces:
To do… Use the command…
Remarks
Enter system view system-view —
Enter management Ethernet interface
view
interface interface-type
interface-number
—