R3303-HP HSR6800 Routers Fundamentals Configuration Guide
36
Ste
p
Command
Remarks
5. Enable command
authorization.
command authorization
Optional.
By default, command authorization is
disabled. The commands available for a user
only depend on the user privilege level.
If command authorization is enabled, a
command is available only if the user has the
commensurate user privilege level and is
authorized to use the command by the AAA
scheme.
6. Enable command
accounting.
command accounting
Optional.
By default, command accounting is
disabled. The accounting server does not
record the commands executed by users.
Command accounting allows the
HWTACACS server to record all executed
commands that are supported by the device,
regardless of the command execution result.
This function helps control and monitor user
behaviors on the device. If command
accounting is enabled and command
authorization is not enabled, every executed
command is recorded on the HWTACACS
server. If both command accounting and
command authorization are enabled, only
the authorized and executed commands are
recorded on the HWTACACS server.
7. Exit to system view.
quit N/A
8. Apply an AAA
authentication scheme to
the intended domain.
a. Enter ISP domain
view:
domain
domain-name
b. Apply an AAA
scheme to the
domain:
authentication
default
{ hwtacacs-scheme
hwtacacs-scheme-na
me [ local ] | local |
none |
radius-scheme
radius-scheme-name
[ local ] }
c. Exit to system view:
quit
Optional.
By default, local authentication is used.
For local authentication, configure local user
accounts.
For RADIUS or HWTACACS authentication,
configure the RADIUS or HWTACACS
scheme on the device and configure
authentication settings (including the
username and password) on the server.
For more information about AAA
configuration, see Security Configuration
Guide.
9. Create a local user and
enter local user view.
local-user user-name By default, no local user exists.
10. Set a password.
password [ [ hash ] { cipher |
simple } password ]
By default, no password is set.