HP MSR2000/3000/4000 Router Series Fundamentals Configuration Guide

An absolute number uniquely identifies a user line among all user lines. The user lines are numbered
starting from 0 and incrementing by 1 and in the sequence of console, TTY, AUX, and VTY lines. You can
use the display line command without any parameters to view supported user lines and their absolute
numbers.
A relative number uniquely identifies a user line among all user lines that are the same type. The number
format is user line type + number. Except for TTY lines, which are numbered starting from 1 and
incrementing by 1, all the other types of user lines are numbered starting from 0 and incrementing by 1.
For example, the first VTY line is VTY 0.
Login authentication modes
You can configure login authentication to prevent unauthorized access to the device CLI.
The device supports the following login authentication modes:
• None—Disables authentication. This mode allows access without authentication and is insecure.
• Password—Requires password authentication.
• Scheme—Uses the AAA module to provide local or remote login authentication. You must provide
  a username and password at login.
Different login authentication modes require different user line configurations, as shown in Table 10.
Table 10 Configuration required for different login authentication modes

Authentication mode    Configuration tasks
None                   Set the authentication mode to none.
Password               1. Set the authentication mode to password.
                       2. Set a password.
Scheme                 1. Set the authentication mode to scheme.
                       2. Configure login authentication methods in ISP domain view. For more
                          information, see Security Configuration Guide.
User roles
A user is assigned one or more user roles at login, and a user can access only commands permitted by
the assigned user roles. For more information about user roles, see "Configuring RBAC."
The device assigns user roles based on the login authentication mode and login method:
• If none or password authentication is used, the device assigns user roles according to the user role
  configuration made on the user line.
• If scheme authentication is used:
  ◦ For an SSH login user who uses publickey or password-publickey authentication, the device
    assigns user roles according to the user role configuration made on the user line.
  ◦ For other users, the device assigns user roles according to the user role configuration made on
    the AAA module. For remote AAA authentication users, if the AAA server does not assign any
    user role to a user and the default user role function is disabled, the user cannot log in.
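
The following audit sketch is an added example, not part of the original guide. It expands user line ranges from a saved configuration into relative line names and flags lines that use none or password authentication, where the roles configured on the line are the roles every login on that line receives. The configuration keywords (line, authentication-mode, user-role) and the sample text are assumptions based on Comware 7 syntax and are constructed for illustration.

```python
import re

# Constructed sample. The keywords (line, authentication-mode, user-role) are
# assumed Comware 7 syntax; they are not shown on this page.
SAMPLE_CONFIG = """\
line aux 0
 authentication-mode none
 user-role network-admin
#
line vty 0 4
 authentication-mode scheme
 user-role network-operator
#
line vty 5 63
 authentication-mode password
 user-role network-admin
#
"""
LINE_RE = re.compile(r"^line (\w+) (\d+)(?: (\d+))?$")
RISK = {"none": ("HIGH", "no authentication"),
        "password": ("MEDIUM", "shared password, no per-user identity"),
        None: ("INFO", "mode not set explicitly, device default applies")}

def parse_lines(config):
    """Map each relative line name (e.g. 'VTY 0') to its auth mode and roles."""
    lines, current = {}, []
    for raw in config.splitlines():
        m = LINE_RE.match(raw)
        if m:  # 'line vty 0 4' covers VTY 0 through VTY 4
            first, last = int(m.group(2)), int(m.group(3) or m.group(2))
            current = [f"{m.group(1).upper()} {n}" for n in range(first, last + 1)]
            for name in current:
                lines.setdefault(name, {"auth": None, "roles": []})
        elif not raw.startswith(" "):
            current = []  # '#' or another section ends the line view
        else:
            words = raw.split()
            if len(words) < 2:
                continue
            for name in current:
                if words[0] == "authentication-mode":
                    lines[name]["auth"] = words[1]
                elif words[0] == "user-role":
                    lines[name]["roles"].append(words[1])
    return lines

def audit(config):
    """Return (line, severity, reason, line-assigned roles) per weak line."""
    return [(name, *RISK[cfg["auth"]], cfg["roles"])
            for name, cfg in parse_lines(config).items() if cfg["auth"] in RISK]
```

Lines that use scheme authentication are not reported, because their role assignment depends on the AAA configuration rather than on the user line alone.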