R21xx-HP FlexFabric 11900 Security Command Reference
Parameters
hwtacacs-scheme hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, a
case-insensitive string of 1 to 32 characters.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, a case-insensitive string of
1 to 32 characters.
Usage guidelines
You can specify one authentication method and one backup authentication method. The backup method is used
if the previous authentication method is invalid.
If you specify a scheme to provide the method for user role switching authentication, the method applies
only to users whose user role is in the format of level-n.
• If an HWTACACS scheme is specified, the device uses the entered username for role switching
authentication. The username must already exist on the HWTACACS server to represent the highest
user level to be switched to. For example, to switch to a level-3 user role whose username is test, the
device uses test@domain-name or test for role switching authentication, depending on whether the
domain name is required.
• If a RADIUS scheme is specified, the device uses the username $enabn$ on the RADIUS server for
role switching authentication, where n is the same as that in the target user role. For example, to
switch to a level-3 user role whose username is test, the device uses $enab3@domain-name$ or
$enab3$ for role switching authentication, depending on whether the domain name is required.
Examples
# Configure ISP domain test to use HWTACACS scheme tac for user role switching authentication.
<Sysname> system-view
[Sysname] super authentication-mode scheme
[Sysname] domain test
[Sysname-domain-test] authentication super hwtacacs-scheme tac
Related commands
• authentication default
• hwtacacs scheme
• radius scheme
authorization command
Use authorization command to specify the command authorization method.
Use undo authorization command to restore the default.
Syntax
In non-FIPS mode:
authorization command { hwtacacs-scheme hwtacacs-scheme-name [ local ] [ none ] | local [ none ] | none }
undo authorization command
In FIPS mode:
authorization command { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local }
undo authorization command
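The following Python check is an added example, not part of the HP reference: it parses authorization command lines against the syntax above and reports the forms that the FIPS-mode syntax does not list. The sample configuration, the domain names lab and open, and the function names are constructed for illustration; applying the 1 to 32 character scheme name limit to this command is an assumption.

```python
import re

# Scheme name length (1 to 32 characters) is taken from the parameter text
# earlier on the page; applying it to this command is an assumption.
_NAME = r"(?P<scheme>\S{1,32})"
# Non-FIPS grammar transcribed from the Syntax section, keywords in listed order.
_NON_FIPS = re.compile(
    rf"authorization command (?:hwtacacs-scheme {_NAME}(?P<l1> local)?(?P<n1> none)?"
    r"|(?P<l2>local)(?P<n2> none)?|(?P<n3>none))$"
)

# Constructed sample configuration (not from the reference).
SAMPLE_CONFIG = """\
domain test
 authorization command hwtacacs-scheme tac local
domain lab
 authorization command hwtacacs-scheme tac local none
domain open
 authorization command none
"""

def check_line(line, fips=False):
    """Return (ok, reason) for one 'authorization command' line."""
    text = " ".join(line.split())          # normalise whitespace
    m = _NON_FIPS.match(text)
    if m is None:
        return False, "does not match the documented syntax"
    uses_none = any(m.group(g) for g in ("n1", "n2", "n3"))
    if fips and uses_none:
        # The FIPS-mode syntax lists no 'none' keyword.
        return False, "'none' is not accepted in FIPS mode"
    return True, "ok"

def audit(config, fips=True):
    """Return (domain, line, reason) for each line that fails the check."""
    findings, domain = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("domain "):
            domain = line.split(None, 1)[1]
        elif line.startswith("authorization command"):
            ok, reason = check_line(line, fips)
            if not ok:
                findings.append((domain, line, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, fips=True):
        print(finding)
```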










