3-10
# Configure to authenticate users logging in to VTY 0 in the scheme mode.
[Sysname-ui-vty0] authentication-mode scheme
# Configure Telnet protocol is supported.
[Sysname-ui-vty0] protocol inbound telnet
# Set the maximum number of lines the screen can contain to 30.
[Sysname-ui-vty0] screen-length 30
# Set the maximum number of commands the history command buffer can store to 20.
[Sysname-ui-vty0] history-command max-size 20
# Set the timeout time to 6 minutes.
[Sysname-ui-vty0] idle-timeout 6
z
Configure the authentication scheme
Configure the authentication server by referring to related parts in
AAA Configuration
.
Configuring Command Authorization
By default, command level for a login user depends on the user level. The user is authorized the
command with the default level not higher than the user level. With the command authorization
configured, the command level for a login user is decided by both the user level and AAA authorization.
If a user executes a command of the corresponding user level, the authorization server checks whether
the command is authorized. If yes, the command can be executed.
The authorization server checks the commands authorized for users through the username, and thus
the command authorization configuration involves three steps:
1) Configure to use username and password authentication when users log in.
2) Enable command authorization. See the following table for details.
3) Configure an authorization scheme. Specify the IP address and other related parameters for the
accounting server. For details, refer to the
AAA Configuration
in the
Security Volume
.
Follow these steps to enable command authorization:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter AUX user interface view
user-interface vty
first
-
number
[
last-number
]
—
Enable command authorization
command authorization
Required
Disabled by default, that is,
users can execute commands
without authorization.
Configuring Command Accounting
Command accounting allows the HWTACACS server to record all commands executed on the device
regardless of the command execution result. This helps control and monitor the user operations on the
device.
If command accounting is enabled and command authorization is not enabled, every executed
command will be recorded on the HWTACACS server. If both command accounting and command
Содержание S7906E - Switch
Страница 82: ...1 4 DeviceA interface tunnel 1 DeviceA Tunnel1 service loopback group 1...
Страница 200: ...1 11 DeviceB display vlan dynamic No dynamic vlans exist...
Страница 494: ...ii Displaying and Maintaining Tunneling Configuration 1 45 Troubleshooting Tunneling Configuration 1 45...
Страница 598: ...ii...
Страница 1757: ...4 9...
Страница 1770: ...6 4...
Страница 2017: ...2 11 Figure 2 3 SFTP client interface...
Страница 2062: ...i Table of Contents 1 URPF Configuration 1 1 URPF Overview 1 1 What is URPF 1 1 How URPF Works 1 1 Configuring URPF 1 2...
Страница 2238: ...1 16 DeviceA cfd linktrace service instance 1 mep 1001 target mep 4002...
Страница 2442: ...2 4 Set the interval for sending Syslog or trap messages to 20 seconds Device mac address information interval 20...