H3C Technologies H3C S12500 Series Switches User Manual
Page 30
18
Keywords
Authentication
mode
Description
scheme
Remote AAA
authentication
through
HWTACACS or
RADIUS
The switch sends the username and password for privilege level
switching to the HWTACACS or RADIUS server for remote
authentication.
To use this mode, you must perform the following configuration
tasks:
•
Configure the required HWTACACS or RADIUS schemes and
configure the ISP domain to use the schemes for users. For more
information, see Security Configuration Guide.
•
Add user accounts and specify the user passwords on the
HWTACACS or RADIUS server.
local scheme
Local password
authentication first
and then remote
AAA
authentication
The switch authenticates a user by using the local password first,
and if no password for privilege level switching is set, for the user
logged in from the console port, the privilege level is switched
directly; for the user logged in from any of the AUX or VTY user
interfaces, the AAA authentication is performed.
scheme local
Remote AAA
authentication first
and then local
password
authentication
AAA authentication is performed first, and if the remote
HWTACACS or RADIUS server does not respond or AAA
configuration on the switch is invalid, the local password
authentication is performed.
To configure the authentication parameters for a user privilege level:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Set the authentication mode
for user privilege level
switching.
super authentication-mode { local
| scheme } *
Optional.
By default, local-only
authentication is used.
3.
Configure the password for
user privilege level switching.
super password [ level user-level ]
[ hash ] { simple | cipher }
password
This step is required when local
authentication is involved.
By default, a privilege level has no
password.
The hash keyword is not supported
in FIPS mode.
Executing this command without
specifying the user privilege level,
configures a password for user
privilege level 3.
You cannot configure the super
password [ level user-level ] hash
cipher password command when
the password-control enable
command is configured.
If local-only authentication is used, a console user interface user can switch to a higher privilege level,
even if the privilege level has not been assigned a password. Console user interface users include users
logged in through the console port and users logged in through the AUX port used as the console port.