R3166-R3206-HP High-End Firewalls Getting Started Guide-6PW101
55
To do… Use the command…
Remarks
Configure
the
authentica
tion mode
Enter the
default ISP
domain view
domain domain-name
Optional
By default, the AAA scheme is local.
Apply the
specified
AAA scheme
to the domain
authentication default
{ hwtacacs-scheme
hwtacacs-scheme-name
[ local ] | local | none |
radius-scheme
radius-scheme-name
[ local ] }
Return to
system view
quit
Create a local user and
enter local user view
local-user user-name
Required
By default, no local user exists.
Set the authentication
password for the local user
password { cipher | simple }
password
Required
Specifies the command
level of the local user
authorization-attribute level
level
Optional
By default, the command level is 0.
Specify the service type for
the local user
service-type terminal
Required
By default, no service type is specified.
Configure common settings
for VTY user interfaces
—
Optional
See “Configuring common settings for VTY user
interfaces (optional).”
After you enable command authorization or command accounting, you need to perform the following
configuration to make the function take effect:
• Create a HWTACACS scheme, and specify the IP address of the authorization server and other
authorization parameters.
• Reference the created HWTACACS scheme in the ISP domain.
When users adopt the scheme mode to log in to the device, the level of the commands that the users can
access depends on the user privilege level defined in the AAA scheme.
• When the AAA scheme is local, the user privilege level is defined by the authorization-attribute
level level command.
• When the AAA scheme is RADIUS or HWTACACS, the user privilege level is configured on the
RADIUS or HWTACACS server.
After the configuration, when you log in to the device through modems, you are prompted to enter a
login username and password. A prompt such as <HP> appears after you input the password and
username and press Enter, as shown in Figure 40.