HP MSR2000/3000/4000 Router Series Fundamentals Configuration Guide
  ○ If HWTACACS authentication is used, use a user account that has the target user role level or a
    user role level higher than the target user role. For example, if the user account test has the
    user role level-3, you can use this user account to obtain the level-0, level-1, level-2, or
    level-3 user role. With this method, you must enter the correct username and password to pass
    authentication.
  ○ If RADIUS authentication is used, you must create a user account for each level-n user role in the
    $enabn$ format or the $enabn$@domain-name format, where n represents the user role level.
    With this method, the username you enter is ignored. You can pass authentication as long
    as the password is correct.
• If you execute the quit command after obtaining a user role, you are logged out of the device.
Table 7 User role authentication modes

Keywords: local
Authentication mode: Local password authentication only (local-only)
Description: The device uses the locally configured password for authentication.

Keywords: scheme
Authentication mode: Remote AAA authentication through HWTACACS or RADIUS (remote-only)
Description: The device sends the username and password to the HWTACACS or RADIUS server for
remote authentication. To use this mode, you must perform the following configuration tasks:
• Configure the required HWTACACS or RADIUS scheme and configure the ISP domain to use the
  scheme for the user. For more information, see Security Configuration Guide.
• Add the user account and password on the HWTACACS or RADIUS server.

Keywords: local scheme
Authentication mode: Local password authentication first, and then remote AAA authentication
(local-then-remote)
Description: Local password authentication is performed first. If no password is configured for
the user role, the device performs AAA authentication.

Keywords: scheme local
Authentication mode: Remote AAA authentication first, and then local password authentication
(remote-then-local)
Description: AAA authentication is performed first. If the HWTACACS or RADIUS server does not
respond, or the AAA configuration on the device is invalid, local password authentication is
performed.
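
The fallback conditions in Table 7 and the RADIUS account naming rule above, modeled as an added Python example (not code from this guide or from HP). The names Remote, super_auth, radius_username and hwtacacs_level_ok are hypothetical, and the model assumes that local authentication with no password configured is denied, a case this section does not describe.

```python
# Added model of Table 7's fallback rules; not HP Comware code.
from enum import Enum

class Remote(Enum):
    """Constructed outcomes of the HWTACACS/RADIUS exchange."""
    ACCEPT = 1
    REJECT = 2
    NO_RESPONSE = 3      # server does not respond
    INVALID_CONFIG = 4   # AAA configuration on the device is invalid

def radius_username(level, domain=None):
    """Account the RADIUS server must hold for level-n: $enabn$[@domain-name]."""
    name = f"$enab{level}$"
    return f"{name}@{domain}" if domain else name

def hwtacacs_level_ok(account_level, target_level):
    """HWTACACS: the account needs the target level or a higher one."""
    return account_level >= target_level

def super_auth(keywords, local_pw, supplied_pw, remote):
    """Return (granted, decided_by) for `super authentication-mode <keywords>`.

    local_pw is the password configured on the device for the role, or None.
    Assumption: local authentication with no password configured is denied.
    """
    def local():
        return (local_pw is not None and supplied_pw == local_pw, "local")

    def aaa():
        return (remote is Remote.ACCEPT, "remote")

    if keywords == "local":
        return local()
    if keywords == "scheme":
        return aaa()
    if keywords == "local scheme":
        # AAA is reached only when no local password is configured.
        return local() if local_pw is not None else aaa()
    if keywords == "scheme local":
        # Local is reached only on no response or invalid AAA configuration;
        # an explicit reject from the server is final.
        if remote in (Remote.NO_RESPONSE, Remote.INVALID_CONFIG):
            return local()
        return aaa()
    raise ValueError(f"unknown keywords: {keywords!r}")
```

The second element of the result shows which credential store decided the request, which is the point to check when reviewing whether a local password can still grant a role while the AAA server is reachable.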
Configuring user role authentication

Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. Set an authentication mode.
Command: super authentication-mode { local | scheme } *
Remarks: By default, local-only authentication applies.