32
By default, you can log in to the device through the console port without authentication and have user
privilege level 3 after login. For information about logging in to the device with the default configuration,
see “
.”
Configuration procedure
Follow these steps to configure scheme authentication for console login:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter AUX user interface view
user-interface aux
first
-
number
[
last-number
]
—
Specify the scheme
authentication mode
authentication-mode
scheme
Required
Whether local, RADIUS, or HWTACACS
authentication is adopted depends on the
configured AAA scheme.
By default, users that log in through the
console port are not authenticated.
Enable command authorization
command authorization
Optional
•
By default, command authorization is not
enabled.
•
By default, the command level depends on
the user privilege level. A user is
authorized a command level not higher
than the user privilege level. With
command authorization enabled, the
command level for a login user is
determined by both the user privilege level
and AAA authorization. If a user executes
a command of the corresponding
command level, the authorization server
checks whether the command is
authorized. If yes, the command can be
executed.
Enable command accounting
command accounting
Optional
•
By default, command accounting is
disabled. The accounting server does not
record the commands executed by users.
•
Command accounting allows the
HWTACACS server to record all the
commands executed by users, regardless
of command execution results. This helps
control and monitor user operations on the
device. If command accounting is enabled
and command authorization is not
enabled, every executed command is
recorded on the HWTACACS server. If
both command accounting and command
authorization are enabled, only the
authorized and executed commands are
recorded on the HWTACACS server.
Return to system view
quit
—
