H3C Technologies H3C SecPath F1000-E User Manual
Page 26
18
Step Command
Remarks
5.
Enable command
accounting.
command accounting
Optional.
By default, command accounting is
disabled. The accounting server
does not record the commands
executed by users.
Command accounting allows the
HWTACACS server to record all the
commands executed by users,
regardless of command execution
results. This helps control and
monitor user operations on the
device. If command accounting is
enabled and command
authorization is not enabled, every
executed command is recorded on
the HWTACACS server. If both
command accounting and
command authorization are
enabled, only the authorized and
executed commands are recorded
on the HWTACACS server.
6.
Return to system view.
quit
N/A
7.
Apply an AAA
authentication scheme to
the intended domain.
a.
Enter ISP domain view:
domain domain-name
b.
Apply an AAA scheme to
the domain:
authentication default
{ hwtacacs-scheme
hwtacacs-scheme-name
[ local ] | local | none |
radius-scheme
radius-scheme-name
[ local ] }
c.
Exit to system view:
quit
Optional.
By default, local authentication is
used.
For local authentication, configure
local user accounts.
For RADIUS or HWTACACS
authentication, configure the
RADIUS or HWTACACS scheme on
the device and configure
authentication settings (including the
username and password) on the
server.
For more information about AAA
configuration, see Access Control
Configuration Guide.
8.
Create a local user and
enter local user view.
local-user user-name
By default, no local user exists.
9.
Set the authentication
password for the local user.
password { cipher | simple }
password
N/A
10.
Specifies the command
level of the local user.
authorization-attribute level level
Optional.
By default, the command level is 0.
11.
Specify the service type for
the local user.
service-type terminal
By default, no service type is
specified.
12.
Configure common settings
for console login.
See "
user interface settings (optional)
."
Optional.