Configuration prerequisites
You have logged in to the device.
By default, you can log in to the device through the console port without authentication and have user privilege level 3 after login. For information about logging in to the device with the default configuration, see “Configuration requirements.”
Configuration procedure
Follow these steps to configure scheme authentication for console login:
To do… | Use the command… | Remarks | ||
Enter system view | — |
| ||
|
|
|
| |
Enter AUX user interface view | — |
| ||
[ |
| |||
|
|
| ||
|
|
| ||
|
| Required | ||
|
| Whether local, RADIUS, or | ||
Specify the scheme |
| HWTACACS authentication is | ||
adopted depends on the configured | ||||
authentication mode | AAA scheme. | |||
| ||||
|
| By default, users that log in through | ||
|
| the console port are not | ||
|
| authenticated. | ||
|
|
| ||
|
| Optional | ||
|
| • | By default, command | |
|
|
| authorization is not enabled. | |
|
| • By default, the command level | ||
|
|
| depends on the user privilege | |
|
|
| level. A user is authorized a | |
|
|
| command level not higher than | |
|
|
| the user privilege level. With | |
|
|
| command authorization | |
|
|
| enabled, the command level for | |
|
|
| a login user is determined by | |
|
|
| both the user privilege level and | |
Enable command authorization | command authorization |
| AAA authorization. If a user | |
| executes a command of the | |||
|
|
| ||
|
|
| corresponding command level, | |
|
|
| the authorization server checks | |
|
|
| whether the command is | |
|
|
| authorized. If yes, the command | |
|
|
| can be executed. | |
|
| • | Before enabling command | |
|
|
| authorization, configure the AAA | |
|
|
| authorization server. After you | |
|
|
| enable command authorization, | |
|
|
| only commands authorized by | |
the AAA authorization server can be executed.
31