HP manual 39

To do…

Use the command…

Remarks

Optional

• By default, command accounting

is disabled. The accounting

server does not record the

commands executed by users.

• Command accounting allows the

HWTACACS server to record all

the commands executed by

users, regardless of command

execution results. This helps

control and monitor user

operations on the device. If

Enable command accounting

command accounting

command accounting is enabled

and command authorization is

not enabled, every executed

command is recorded on the

HWTACACS server. If both

command accounting and

command authorization are

enabled, only the authorized and

executed commands are

recorded on the HWTACACS

server.

• Configure the AAA accounting

server before enabling command

accounting.

Return to system view

quit

—

Enter the ISP

domain domain-name

Optional

domain view

By default, the AAA scheme is local.

Apply the

authentication default

If you specify the local AAA scheme,

{ hwtacacs-scheme

you need to perform local user

specified AAA

hwtacacs-scheme-name [ local ]

configuration. If you specify an

scheme to the

local none radius-scheme

existing scheme by providing the

domain

Configure

radius-scheme-name [ local ] }

radius-scheme-name argument,

perform the following configuration

the

as well:

authentica

• For RADIUS and HWTACACS

tion mode

configuration, see the Security

Exit to system view

quit

Configuration Guide.

• Configure the username and

password on the AAA server.

(For more information about

AAA, see the Security

Configuration Guide.)

Create a local user and enter

local-user user-name

Required

local user view

By default, no local user exists.

Set the authentication password

password { cipher simple }

Required

for the local user

password

Specify the command level of

authorization-attribute level level

Optional

the local user

By default, the command level is 0.

32