R0106-HP MSR Router Series Fundamentals Configuration Guide(V7)
User line identification
Every user line has an absolute number and a relative number for identification.
An absolute number uniquely identifies a user line among all user lines. The user lines are numbered
starting from 0 and incrementing by 1 and in the sequence of console, TTY, AUX, and VTY lines. You can
use the display line command without any parameters to view supported user lines and their absolute
numbers.
A relative number uniquely identifies a user line among all user lines that are the same type. The number
format is user line type + number. TTY lines are numbered starting from 1 and incrementing by 1. All
other types of user lines are numbered starting from 0 and incrementing by 1. For example, the first VTY
line is VTY 0.
Login authentication modes
You can configure login authentication to prevent unauthorized access to the device CLI.
In non-FIPS mode, the device supports the following login authentication modes:
• None—Disables authentication. This mode allows access without authentication and is insecure.
• Password—Requires password authentication.
• Scheme—Uses the AAA module to provide local or remote login authentication. You must provide
a username and password at login.
In FIPS mode, the device supports only the scheme authentication mode.
Different login authentication modes require different user line configurations, as shown in Table 10.
Table 10 Configuration required for different login authentication modes
Authentication mode | Configuration tasks
None | Set the authentication mode to none.
Password | 1. Set the authentication mode to password. 2. Set a password.
Scheme | 1. Set the authentication mode to scheme. 2. Configure login authentication methods in ISP domain view. For more information, see Security Configuration Guide.
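The following audit sketch is an added example, not part of this guide: it walks a saved configuration, finds each user line block, and grades its login authentication mode against the three modes above, treating anything other than scheme as a failure when FIPS mode is in force. The configuration syntax in the constructed sample, the function name audit_user_lines, and the verdict labels are assumptions.

```python
import re

# Constructed sample; the "line ..." / "authentication-mode ..." syntax is an
# assumption about how the device renders user line settings in its config.
SAMPLE_CONFIG = """\
line con 0
 authentication-mode none
#
line aux 0
 user-role network-operator
#
line vty 0 4
 authentication-mode password
#
line vty 5 63
 authentication-mode scheme
#
"""

LINE_RE = re.compile(r"^line\s+(?:class\s+)?(con|console|tty|aux|vty)\b", re.I)
MODE_RE = re.compile(r"^\s+authentication-mode\s+(none|password|scheme)\s*$", re.I)
VERDICTS = {
    None: "REVIEW: no explicit mode configured",
    "none": "FAIL: access without authentication",
    "password": "WARN: password only, no username",
    "scheme": "OK",
}

def audit_user_lines(config, fips=False):
    """Return [(user_line, mode, verdict)] for each user line block."""
    blocks, current = [], None
    for raw in config.splitlines():
        if LINE_RE.match(raw):
            current = [raw.strip(), None]
            blocks.append(current)
        elif current and raw[:1].isspace():
            if (hit := MODE_RE.match(raw)):
                current[1] = hit.group(1).lower()
        else:
            current = None  # "#" separator or an unrelated section
    fips_fail = "FAIL: FIPS mode supports only scheme"
    return [(n, m, fips_fail if fips and m in ("none", "password") else VERDICTS[m])
            for n, m in blocks]

if __name__ == "__main__":
    for name, mode, verdict in audit_user_lines(SAMPLE_CONFIG):
        print(f"{name:<14} {mode or '-':<9} {verdict}")
```

A user line with no explicit authentication-mode statement is reported for review rather than graded, because the effective mode then depends on the device default.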
User roles
A user is assigned one or more user roles at login, and a user can access only commands permitted by
the assigned user roles. For more information about user roles, see "Configuring RBAC."
The device assigns user roles based on the login authentication mode and login method:
• If none or password authentication is used, the device assigns user roles according to the user role
configuration made for the user line.
• If scheme authentication is used:
  ◦ For an SSH login user who uses publickey or password-publickey authentication, the device
assigns the user roles that are specified in local user view for the local device management user
with the same name.