HP VPN Firewall Appliances Getting Started Guide
Step 2. Enter user interface view.
  Command: user-interface { first-num1 [ last-num1 ] | { console | vty } first-num2 [ last-num2 ] }
  Remarks: N/A

Step 3. Specify the scheme authentication mode.
  Command: authentication-mode scheme
  Remarks: By default, the authentication mode for VTY users is scheme, and no authentication is needed for console login users.

Step 4. Return to system view.
  Command: quit
  Remarks: N/A

Step 5. Configure the authentication mode for SSH users as password.
  Command: For more information, see System Management and Maintenance Configuration Guide.
  Remarks: This task is required only for SSH users who are required to provide their usernames and passwords for authentication.

Step 6. Configure the user privilege level through the AAA module.
  Command:
  • To use local authentication:
    a. Use the local-user command to create a local user and enter local user view.
    b. Use the level keyword in the authorization-attribute command to configure the user privilege level.
  • To use remote RADIUS, HWTACACS, or LDAP authentication, configure the user privilege level on the authentication server.
  Remarks: Use either method.
  For local authentication, if you do not configure the user privilege level, the user privilege level is 0.
  For remote authentication, if you do not configure the user privilege level, the user privilege level depends on the default configuration of the authentication server.
  For more information about the local-user and authorization-attribute commands, see Access Control Command Reference.
For example:
# Configure the device to use local authentication for Telnet users on VTY 1.
<Sysname> system-view
[Sysname] user-interface vty 1
[Sysname-ui-vty1] authentication-mode scheme
[Sysname-ui-vty1] quit
[Sysname] local-user test
[Sysname-luser-test] password simple 123
[Sysname-luser-test] service-type telnet
When users Telnet to the device through VTY 1, they must enter username test and password 123. After
passing the authentication, the users can only use level-0 commands.
# Assign commands of levels 0 through 3 to the users.
[Sysname-luser-test] authorization-attribute level 3
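The result of step 6 can be checked offline against a saved configuration. The following Python check is an added example, not part of the HP guide: it reports each local user's effective privilege level (0 when no authorization-attribute level is configured, as stated above) and notes simple-keyword passwords and Telnet service. The saved-configuration layout, the second user "audit", and the function names are assumptions.

```python
import re

# Constructed sample in the style of a saved configuration. The commands are
# those from the guide's example; the user "audit" is hypothetical.
SAMPLE_CONFIG = """\
user-interface vty 1
 authentication-mode scheme
#
local-user test
 password simple 123
 service-type telnet
 authorization-attribute level 3
#
local-user audit
 password simple 456
 service-type telnet
#
"""
DEFAULT_LOCAL_LEVEL = 0  # per the guide: level is 0 when none is configured

def parse_local_users(config: str) -> dict:
    """Map each local user to its level, services and password keyword."""
    users, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("local-user "):
            current = users.setdefault(line.split()[1], {
                "level": DEFAULT_LOCAL_LEVEL, "explicit": False,
                "services": [], "simple_password": False})
        elif not raw.startswith(" "):
            current = None  # "#" or any other top-level line ends the block
        elif current is None:
            continue  # indented line inside a block we do not track
        elif line.startswith("authorization-attribute "):
            m = re.search(r"\blevel (\d+)", line)
            if m:
                current["level"], current["explicit"] = int(m.group(1)), True
        elif line.startswith("service-type "):
            current["services"] += line.split()[1:]
        elif line.startswith("password simple "):
            current["simple_password"] = True
    return users

def review(config: str) -> list:
    """Return one finding string per issue, ordered by user name."""
    findings = []
    for name, u in sorted(parse_local_users(config).items()):
        if not u["explicit"]:
            findings.append(f"{name}: no level configured, effective level {u['level']}")
        if u["simple_password"]:
            findings.append(f"{name}: password set with the simple keyword")
        if "telnet" in u["services"]:
            findings.append(f"{name}: Telnet login allowed at level {u['level']}")
    return findings
```

Calling review(SAMPLE_CONFIG) returns the findings as a list of strings, one per user and issue.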
Configuring the user privilege level directly on a user interface
To configure the user privilege level directly on a user interface that uses the scheme authentication
mode: