Manualshelf

R211x-HP Flexfabric 11900 Fundamentals Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products
21222324252627282930
18
When both command accounting and command authorization are enabled, only authorized commands
that are executed are recorded on the HWTACACS server.
Invalid commands issued by users are not recorded.
If the command accounting command is configured in user line class view, command accounting is
enabled on all user lines in the class, and you cannot configure the undo command accounting
command in the view of a user line in the class.
Examples
# Enable command accounting for user line VTY 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] command accounting
Related commands
command authorization
accounting command (Security Command Reference)
command authorization
Use command authorization to enable command authorization.
Use undo command authorization to restore the default.
Syntax
command authorization
undo command authorization
Default
Command authorization is disabled. Logged-in users can execute commands without authorization.
Views
User line view, user line class view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
When command authorization is enabled, a command is available only if the user has the
commensurate user role and is authorized to use the command by the AAA scheme.
If the command authorization command is configured in user line class view, command authorization is
enabled on all user lines in the class, and you cannot configure the undo command authorization
command in the view of a user line in the class.
Examples
# Enable command accounting for VTY 0 so a user logged in through VTY 0 can execute only authorized
commands that are permitted by the user role.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] command authorization