R3303-HP HSR6800 Routers Fundamentals Configuration Guide
46
• If the local authentication scheme is used, use the authorization-attribute level level command in
local user view to set the user privilege level on the device.
• If a RADIUS or HWTACACS authentication scheme is used, set the user privilege level on the
RADIUS or HWTACACS server.
To configure scheme authentication for AUX login:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter one or more AUX user
interface views.
user-interface aux first-number
[ last-number ]
N/A
3. Enable scheme
authentication.
authentication-mode scheme
By default, password
authentication is enabled on AUX
user interfaces.
4. Enable command
authorization.
command authorization
Optional.
By default, command
authorization is disabled. The
commands available for a user
only depend on the user privilege
level.
If command authorization is
enabled, a command is available
only if the user has the
commensurate user privilege level
and is authorized to use the
command by the AAA scheme.
5. Enable command
accounting.
command accounting
Optional.
By default, command accounting
is disabled. The accounting server
does not record the commands
executed by users.
Command accounting allows the
HWTACACS server to record all
executed commands that are
supported by the device,
regardless of the command
execution result. This function
helps control and monitor user
behaviors on the device. If
command accounting is enabled
and command authorization is not
enabled, every executed
command is recorded on the
HWTACACS server. If both
command accounting and
command authorization are
enabled, only the authorized and
executed commands are recorded
on the HWTACACS server.
6. Exit to system view.
quit N/A