Configuring scheme authentication for telnet login, Configuring scheme, Authentication for telnet – H3C Technologies H3C SecBlade LB Cards User Manual
Page 31: Login, Figure 18
21
Figure 18 Password authentication interface for Telnet login
Configuring scheme authentication for Telnet login
When scheme authentication is used, you can choose to configure the command authorization and
command accounting functions.
If command authorization is enabled, a command is available only if the user has the commensurate user
privilege level and is authorized to use the command by the AAA scheme.
Command accounting allows the HWTACACS server to record all commands executed by users,
regardless of command execution results. This function helps control and monitor user behaviors on the
LB product. If command accounting is enabled and command authorization is not enabled, every
executed command is recorded on the HWTACACS server. If both command accounting and command
authorization are enabled, only the authorized and executed commands are recorded on the
HWTACACS server.
Follow these guidelines when you configure scheme authentication for Telnet login:
•
To make the command authorization or command accounting function take effect, apply an
HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the
authorization server and other authorization parameters.
•
If the local authentication scheme is used, use the authorization-attribute level level command in
local user view to set the user privilege level on the LB product.
•
If a RADIUS or HWTACACS authentication scheme is used, set the user privilege level on the
RADIUS or HWTACACS server.
To configure scheme authentication for Telnet login:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable Telnet server.
telnet server enable
By default, the Telnet server function is
disabled.
3.
Enter one or multiple
VTY user interface views.
user-interface vty first-number
[ last-number ]
N/A