25
By default, you can log in to the device through the console port without authentication and have user
privilege level 3 after login. For information about logging in to the device with the default configuration,
see “
.”
Configuration procedure
Follow these steps to configure scheme authentication for Telnet login
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enable Telnet
telnet server enable
Required
Disabled by default
Enter one or multiple VTY
user interface views
user-interface vty
first
-
number
[
last-number
]
—
Specify the scheme
authentication mode
authentication-mode
scheme
Required
Whether local, RADIUS, or HWTACACS
authentication is adopted depends on the
configured AAA scheme.
By default, local authentication is adopted.
Enable command
authorization
command authorization
Optional
By default, command authorization is not enabled.
•
Create a HWTACACS scheme, and specify the
IP address of the authorization server and other
authorization parameters.
•
Reference the created HWTACACS scheme in
the ISP domain.
Enable command
accounting
command accounting
Optional
•
By default, command accounting is disabled.
The accounting server does not record the
commands executed by users.
•
Command accounting allows the HWTACACS
server to record all executed commands that
are supported by the device, regardless of the
command execution result. This helps control
and monitor user operations on the device. If
command accounting is enabled and
command authorization is not enabled, every
executed command is recorded on the
HWTACACS server. If both command
accounting and command authorization are
enabled, only the authorized and executed
commands are recorded on the HWTACACS
server.
Exit to system view
quit
—