H3C Technologies H3C S12500 Series Switches User Manual

Page 30


Keywords: scheme
Authentication mode: Remote AAA authentication through HWTACACS or RADIUS
Description: The switch sends the username and password for privilege level switching to the HWTACACS or RADIUS server for remote authentication. To use this mode, you must perform the following configuration tasks:
- Configure the required HWTACACS or RADIUS schemes and configure the ISP domain to use the schemes for users. For more information, see Security Configuration Guide.
- Add user accounts and specify the user passwords on the HWTACACS or RADIUS server.

Keywords: local scheme
Authentication mode: Local password authentication first and then remote AAA authentication
Description: The switch first authenticates the user by using the local password. If no password for privilege level switching is set, the privilege level is switched directly for a user logged in from the console port, and AAA authentication is performed for a user logged in from any of the AUX or VTY user interfaces.

Keywords: scheme local
Authentication mode: Remote AAA authentication first and then local password authentication
Description: AAA authentication is performed first. If the remote HWTACACS or RADIUS server does not respond or the AAA configuration on the switch is invalid, local password authentication is performed.

To configure the authentication parameters for a user privilege level:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Set the authentication mode for user privilege level switching.
   Command: super authentication-mode { local | scheme } *
   Remarks: Optional. By default, local-only authentication is used.

3. Configure the password for user privilege level switching.
   Command: super password [ level user-level ] [ hash ] { simple | cipher } password
   Remarks: This step is required when local authentication is involved. By default, a privilege level has no password. The hash keyword is not supported in FIPS mode. Executing this command without specifying the user privilege level configures a password for user privilege level 3. You cannot configure the super password [ level user-level ] hash cipher password command when the password-control enable command is configured.

If local-only authentication is used, a console user interface user can switch to a higher privilege level, even if the privilege level has not been assigned a password. Console user interface users include users logged in through the console port and users logged in through the AUX port used as the console port.
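The rules above can be checked against a saved configuration. The following Python audit is an added example, not H3C code: it assumes the saved configuration contains the super commands in the form shown in the steps, and the function name audit_super and both sample configurations are constructed for illustration.

```python
import re

# Assumption: the saved configuration lists the commands in the form shown in the steps.
MODE_RE = re.compile(r"^\s*super authentication-mode\s+(local(?:\s+scheme)?|scheme(?:\s+local)?)\s*$")
PWD_RE = re.compile(r"^\s*super password(?:\s+level\s+(\d+))?(\s+hash)?\s+(?:simple|cipher)\s+\S+\s*$")

def audit_super(config_text, levels=(3,), fips=False):
    """Return findings for privilege level switching, using the rules on this page."""
    mode = ["local"]  # default: local-only authentication
    with_password, uses_hash = set(), False
    for line in config_text.splitlines():
        m = MODE_RE.match(line)
        if m:
            mode = m.group(1).split()
            continue
        m = PWD_RE.match(line)
        if m:
            # Without the level argument the password applies to privilege level 3.
            with_password.add(int(m.group(1)) if m.group(1) else 3)
            uses_hash = uses_hash or bool(m.group(2))
    findings = []
    if fips and uses_hash:
        findings.append("hash keyword used, but it is not supported in FIPS mode")
    for level in levels:
        if "local" not in mode or level in with_password:
            continue  # scheme-only mode, or a local password exists for this level
        if mode == ["local"]:
            findings.append(f"level {level}: no password; console users can switch without one")
        elif mode == ["local", "scheme"]:
            findings.append(f"level {level}: no password; console users are switched directly, AUX/VTY users go to AAA")
        else:  # scheme local
            findings.append(f"level {level}: no password for the local fallback used when AAA does not respond")
    return findings

# Constructed sample configurations (not taken from a real device).
DEFAULTS = "sysname core-sw\n"
CONFIGURED = "super authentication-mode scheme local\nsuper password level 3 cipher EXAMPLE-PLACEHOLDER\n"

if __name__ == "__main__":
    for name, cfg in (("defaults", DEFAULTS), ("configured", CONFIGURED)):
        print(name, audit_super(cfg) or "no findings")
```

Pass the privilege levels in use on the switch through the levels argument; only level 3 is checked by default.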
