To do… | Use the command… | Remarks | ||
Enable the current user interface to |
| Optional | ||
protocol inbound { all ssh } | By default, Telnet and SSH are | |||
support SSH | ||||
| supported. | |||
|
| |||
|
|
| ||
|
| Optional | ||
|
| • | By default, command | |
|
|
| authorization is not enabled. | |
|
| • By default, command level for a | ||
|
|
| login user depends on the user | |
|
|
| privilege level. The user is | |
|
|
| authorized the command with | |
|
|
| the default level not higher than | |
|
|
| the user privilege level. With | |
Enable command authorization | command authorization |
| the command authorization | |
| configured, the command level | |||
|
|
| ||
|
|
| for a login user is determined | |
|
|
| by both the user privilege level | |
|
|
| and AAA authorization. If a | |
|
|
| user executes a command of | |
|
|
| the corresponding command | |
|
|
| level, the authorization server | |
|
|
| checks whether the command is | |
|
|
| authorized. If yes, the | |
|
|
| command can be executed. | |
|
|
| ||
|
| Optional | ||
|
| • | By default, command | |
|
|
| accounting is disabled. The | |
|
|
| accounting server does not | |
|
|
| record the commands executed | |
|
|
| by users. | |
|
| • | Command accounting allows | |
|
|
| the HWTACACS server to | |
|
|
| record all executed commands | |
|
|
| that are supported by the | |
|
|
| device, regardless of the | |
Enable command accounting | command accounting |
| command execution result. This | |
| helps control and monitor user | |||
|
|
| operations on the device. If | |
|
|
| command accounting is | |
|
|
| enabled and command | |
|
|
| authorization is not enabled, | |
|
|
| every executed command is | |
|
|
| recorded on the HWTACACS | |
|
|
| server. If both command | |
|
|
| accounting and command | |
|
|
| authorization are enabled, only | |
|
|
| the authorized and executed | |
|
|
| commands are recorded on the | |
|
|
| HWTACACS server. | |
|
|
|
| |
Exit to system view | quit | — |
| |
|
|
|
| |
49