18
Authentication
mode
Meaning Description
local
Local password
authentication
The switch authenticates a user by using the privilege level switching
password entered by the user.
When this mode is applied, you need to set the password for
privilege level switching with the
super password
command.
scheme
Remote AAA
authentication
through
HWTACACS or
RADIUS
The switch sends the username and password for privilege level
switching to the HWTACACS or RADIUS server for remote
authentication.
When this mode is applied, you need to perform the following
configurations:
•
Configure HWTACACS or RADIUS scheme and reference the
created scheme in the ISP domain. For more information, see
Security Configuration Guide
.
•
Create the corresponding user and configure password on the
HWTACACS or RADIUS server.
local scheme
Performs the local
password
authentication first
and then the
remote AAA
authentication
The switch authenticates a user by using the local password first,
and if no password for privilege level switching is set, for the user
logged in from the AUX user interface, the privilege level is switched
directly; for the user logged in from a VTY user interface, the AAA
authentication is performed.
scheme local
Performs remote
AAA
authentication first
and then the local
password
authentication
AAA authentication is performed first, and if the remote
HWTACACS or RADIUS server does not respond or AAA
configuration on the switch is invalid, the local password
authentication is performed.
Follow these steps to set the authentication mode for user privilege level switching:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Set the authentication mode for
user privilege level switching
super authentication-mode
{
local
|
scheme
}
*
Optional
local
by default.
Configure the password for user
privilege level switching
super password
[
level
user-level
]
{
simple
|
cipher
}
password
Required if the authentication
mode is set to
local
(specify the
local
keyword when setting the
authentication mode)
By default, no privilege level
switching password is configured.