3-8
Telnet Login Configuration with Authentication Mode Being Scheme
Configuration Procedure
Follow these steps to perform Telnet configuration (with authentication mode being
scheme
):
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter one or more VTY
user interface views
user-interface vty
first
-
number
[
last-number
]
—
Configure to authenticate
users locally or remotely
authentication-mode
scheme
Required
The specified AAA scheme
determines whether to authenticate
users locally or remotely.
Users are authenticated locally by
default.
Enter the
default ISP
domain view
domain
domain name
Configure
the AAA
scheme to
be applied
to the
domain
authentication default
{
hwtacacs-scheme
hwtacacs-scheme- name
[
local
] |
local
|
none
|
radius-scheme
radius-scheme-name
[
local
] }
Configure
the
authenticati
on scheme
Quit to
system view
quit
Optional
By default, the local AAA scheme is
applied. If you specify to apply the
local AAA scheme, you need to
perform the configuration concerning
local user as well.
If you specify to apply an existing
scheme by providing the
radius
-
scheme-name
argument, you
need to perform the following
configuration as well:
z
Perform AAA-RADIUS
configuration on the switch. (Refer
to
AAA Configuration
in the
Security Volume
for details.)
z
Configure the user name and
password accordingly on the AAA
server. (Refer to the user manual
of AAA server.)
Create a local user and
enter local user view
local-user
user-name
No local user exists by default.
Set the authentication
password for the local user
password
{
simple
|
cipher
}
password
Required
By default, a user is authorized with
no password
Specifies the level of the
local user
authorization-attribute
level level
By default, no authorization attribute
is configured for a local user
Specify the service type for
AUX users
service-type telnet
Required
By default, a user is authorized with
no service
Note that, when you log in to an Ethernet switch using the scheme authentication mode, your access
rights depend on your user level defined in the AAA scheme.
When the local authentication mode is used, the user levels are specified using the
authorization-attribute level level
command.
When the RADIUS or HWTACACS authentication mode is used, the user levels are set on the
corresponding RADIUS or HWTACACS servers.