R3166-R3206-HP High-End Firewalls Getting Started Guide-6PW101
39
To do… Use the command…
Remarks
Enter one or more AUX user
interface views
user-interface aux
first-number [ last-number ]
—
Specify the scheme
authentication mode
authentication-mode
scheme
Required
By default, the authentication mode for users
that log in through the AUX port is password.
Enable command
authorization
command authorization
Optional
• By default, command authorization is not
enabled.
• By default, command level for a login user
depends on the user privilege level. The user
is authorized the command with the default
level not higher than the user privilege level.
With the command authorization
configured, the command level for a login
user is determined by both the user privilege
level and AAA authorization. If a user
executes a command of the corresponding
command level, the authorization server
checks whether the command is authorized.
If yes, the command can be executed.
Enable command accounting command accounting
Optional
• By default, command accounting is
disabled. The accounting server does not
record the commands executed by users.
• Command accounting allows the
HWTACACS server to record all executed
commands that are supported by the device,
regardless of the command execution result.
This helps control and monitor user
operations on the device. If command
accounting is enabled and command
authorization is not enabled, every executed
command is recorded on the HWTACACS
server. If both command accounting and
command authorization are enabled, only
the authorized and executed commands are
recorded on the HWTACACS server.
Exit to system view quit —
Configure
the
authentica
tion mode
Enter the default
ISP domain view
domain domain-name
Optional
By default, the AAA scheme is local.
Apply the
specified AAA
scheme to the
domain
authentication default
{ hwtacacs-scheme
hwtacacs-scheme-name
[ local ] | local | none |
radius-scheme
radius-scheme-name
[ local ] }
Exit to system
view
quit