HP VPN Firewall Appliances Getting Started Guide

To make the command authorization or command accounting function take effect, apply an
HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the
authorization server and other authorization parameters.
If the local authentication scheme is used, use the authorization-attribute level level command in
local user view to set the user privilege level on the device.
If a RADIUS or HWTACACS authentication scheme is used, set the user privilege level on the
RADIUS or HWTACACS server.
To configure scheme authentication for Telnet login:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enable Telnet server.
    Command: telnet server enable
    Remarks: By default, the Telnet server function is disabled.

Step 3. Enter one or multiple VTY user interface views.
    Command: user-interface vty first-number [ last-number ]
    Remarks: N/A

Step 4. Enable scheme authentication.
    Command: authentication-mode scheme
    Remarks: Whether local, RADIUS, or HWTACACS authentication is adopted depends on the configured AAA scheme. By default, local authentication is adopted.

Step 5. Enable command authorization.
    Command: command authorization
    Remarks: Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level.

Step 6. Enable command accounting.
    Command: command accounting
    Remarks: Optional. By default, command accounting is disabled. The accounting server does not record the commands executed by users.

Step 7. Exit to system view.
    Command: quit
    Remarks: N/A

Step 8. Apply an AAA authentication scheme to the intended domain.
    Command:
        a. Enter ISP domain view:
           domain domain-name
        b. Apply an AAA scheme to the domain:
           authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
        c. Exit to system view:
           quit
    Remarks: Optional. By default, local authentication is used. For local authentication, configure local user accounts. For RADIUS or HWTACACS authentication, configure the RADIUS or HWTACACS scheme on the device and configure authentication settings (including the username and password) on the server. For more information about AAA configuration, see Access Control Configuration Guide.

Step 9. Create a local user and enter local user view.
    Command: local-user user-name
    Remarks: By default, a local user named admin exists.
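
An added example, not part of the HP guide: a Python check over saved configuration text that reports VTY views missing the settings from steps 4 to 6 and ISP domains whose default authentication is none. The sample configuration, its layout (the indented, "#"-separated text printed by display current-configuration) and the names corp, lab and tac1 are assumptions constructed for illustration.

```python
# Constructed sample, not from the guide. Assumed layout: indented commands
# under column-0 view headers, "#" separators. Names corp/lab/tac1 are made up.
SAMPLE_CONFIG = """\
#
 telnet server enable
#
domain corp
 authentication default hwtacacs-scheme tac1 local
#
domain lab
 authentication default none
#
user-interface vty 0 4
 authentication-mode scheme
 command authorization
 command accounting
user-interface vty 5 15
 authentication-mode scheme
#
"""

def parse_sections(text):
    """Map each column-0 view header to the indented commands under it."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            current = None                      # separator ends the view
        elif not line[0].isspace():
            current = line.strip()              # e.g. "user-interface vty 0 4"
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def audit(text):
    """Return (view, finding) pairs for the login settings in the procedure."""
    findings = []
    for view, cmds in parse_sections(text).items():
        if view.startswith("user-interface vty"):
            if "authentication-mode scheme" not in cmds:
                findings.append((view, "scheme authentication not enabled"))
            if "command authorization" not in cmds:
                findings.append((view, "no command authorization"))
            if "command accounting" not in cmds:
                findings.append((view, "no command accounting"))
        elif view.startswith("domain ") and "authentication default none" in cmds:
            findings.append((view, "domain authentication set to none"))
    return findings
```

Calling audit(SAMPLE_CONFIG) flags domain lab and the VTY 5 15 view, which has scheme authentication but neither command authorization nor command accounting.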