R21xx-HP FlexFabric 11900 Fundamentals Configuration Guide

In this method, the username you enter is ignored. You can pass authentication as long as the
password is correct.
If you execute the quit command after switching to a user role, you are logged out of the current user
interface.
Table 10 Authentication modes for user role switching
| Keywords | Authentication mode | Description |
|---|---|---|
| local | Local password authentication only (local-only) | The device uses the locally configured switching password for authentication. |
| scheme | Remote AAA authentication through HWTACACS or RADIUS (remote-only) | The device sends the username and password to the HWTACACS or RADIUS server for remote authentication. To use this mode, you must perform the following configuration tasks: • Configure the required HWTACACS or RADIUS scheme and configure the ISP domain to use the scheme for the user. For more information, see Security Configuration Guide. • Add the user account and password on the HWTACACS or RADIUS server. |
| local scheme | Local password authentication first and then remote AAA authentication (local-then-remote) | Local password authentication is performed first. If no switching password is configured, the device performs AAA authentication. |
| scheme local | Remote AAA authentication first and then local password authentication (remote-then-local) | AAA authentication is performed first. If the remote HWTACACS or RADIUS server does not respond or the AAA configuration on the device is invalid, local password authentication is performed. |
Configuring user role switching authentication
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Set an authentication mode.
  Command: super authentication-mode { local | scheme } *
  Remarks: By default, local-only authentication applies.

Step 3. Set a local authentication password for switching to a user role.
  Command (in non-FIPS mode): super password [ role rolename ] [ { hash | simple } password ]
  Command (in FIPS mode): super password [ role rolename ]
  Remarks: Use this step for local password authentication. By default, no switching password is configured. If you do not specify the role rolename option, the command sets the password for network-admin.
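An added example, not part of the original guide: a small Python check for a provisioning script that uses the commands in the steps above. It applies the defaults and fallback behavior stated in Table 10 and the Remarks; the sample script, its password value, and the function name audit are constructed for illustration.

```python
import re

# Constructed sample: commands as they might appear in a provisioning script.
SAMPLE = """\
system-view
super authentication-mode scheme local
super password simple Example-Only-1
"""

# { local | scheme } * : one or both keywords, each at most once.
MODE_RE = re.compile(r"^super authentication-mode\s+(local|scheme)(?:\s+(?!\1\b)(local|scheme))?$")
PW_RE = re.compile(r"^super password(?:\s+role\s+(\S+))?(?:\s+(hash|simple)\s+\S+)?$")
NAMES = {("local",): "local-only", ("scheme",): "remote-only",
         ("local", "scheme"): "local-then-remote",
         ("scheme", "local"): "remote-then-local"}

def audit(script):
    """Return (mode_name, findings) for the super commands in a script."""
    order, mode_set, roles, findings = ("local",), False, [], []
    for raw in script.splitlines():
        line = raw.strip()
        m = MODE_RE.match(line)
        if m:
            order, mode_set = tuple(k for k in m.groups() if k), True
            continue
        m = PW_RE.match(line)
        if m:
            role, kind = m.groups()
            roles.append(role or "network-admin")
            if role is None:
                findings.append("no role option: password is set for network-admin")
            if kind == "simple":
                findings.append(f"plaintext switching password in script ({roles[-1]})")
    if not mode_set:
        findings.append("no mode set: default local-only applies")
    if "local" in order and not roles:
        findings.append({
            ("local",): "local-only but no switching password is configured",
            ("local", "scheme"): "no switching password: AAA authentication is used",
            ("scheme", "local"): "local fallback has no switching password",
        }[order])
    if "scheme" in order:
        findings.append("scheme in use: verify HWTACACS/RADIUS scheme and ISP domain")
    return NAMES[order], findings

if __name__ == "__main__":
    mode, notes = audit(SAMPLE)
    print(mode, *notes, sep="\n - ")
```

The check only reads the script text; it does not confirm that the HWTACACS or RADIUS scheme and ISP domain exist on the device.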
Switching the user role
A VTY user must pass authentication before switching to a user role.